Ransomware Group Blackcat Behind Cyberattack on Change Healthcare

March 1, 2024
Outage following cyber-attack on Change Healthcare continues to disrupt the healthcare sector; may last for weeks, news outlets report

ALPHV/Blackcat, a ransomware group, has been identified as the cybercrime threat actor behind the security breach on Change Healthcare, a UnitedHealth division, the company reported through its incident tracker on Feb. 29.

“In a since-deleted post on the dark web, Blackcat said Wednesday that it was behind the attack on Change Healthcare’s systems. The group said it managed to extract six terabytes of data, including information like medical records, insurance records and payment information,” CNBC’s Ashley Capoot reports.

“ALPHV/Blackcat has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransoms paid by victims around the world.  Due to the global scale of these crimes, multiple foreign law enforcement agencies are conducting parallel investigations,” per a news release from the U.S. Department of Justice on Dec. 19, 2023.

The outage resulting from a cyber-attack with Change Healthcare could last for several weeks, Brittany Trang reports on Feb. 29 for STAT News. “UnitedHealth Group Chief Operating Officer Dirk McMahon said the company is setting up a loan program to help providers who can’t submit insurance claims while Change is offline. He said that program will last ‘for the next couple of weeks as this continues to go on,’” Trang writes.

Meanwhile, president and CEO of the American Health Care Association and National Center for Assisted Living (AHCA/NCAL), Mark Parkinson, sent a letter to Secretary Xavier Becerra of the U.S. Department of Health and Human Services (HHS) asking to take action. Specifically, for both HHS and the Centers for Medicare and Medicaid Services (CMS) to announce that the situation meets the criteria for issuing accelerated payments through the Medicare program, instruct Medicare administrative contractors to notify providers of the accelerated payment policy, and encourage Medicare Advantage plans to provide a similar payment option, per a news brief from the AHCA press office.

“Timely payments are essential for facilities to maintain daily operations and to keep their doors open for residents and patients, and we request your support for providers to access accelerated payments,” Parkinson writes.

The cybersecurity attack on Change Healthcare has been disruptive throughout the healthcare sector. Anders Gilberg, senior vice president of government affairs of the Medical Group Management Association (MGMA), details the various consequences in a letter dated Feb. 28 to HHS, which include billing and cash flow disruptions, limited or no electronic remittance advice from health plans, rejections of prior authorization submissions, unable to perform eligibility checks, electronic prescriptions not being transmitted and lack of connectivity to data infrastructure.

“We request HHS utilize all the tools at its disposal to mitigate these impacts, so medical groups do not have to take drastic actions to remain in operation. Guidance, financial resources, enforcement discretion, and more are needed to avoid escalating an already serious situation,” Gilberg writes.

Change Healthcare’s systems have been down since the cyber-attack was first announced on Feb. 21. Healthcare Innovation will provide continued updates.

Sponsored Recommendations

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...

Powering a Digital Front Door with a Comprehensive Provider Directory

Learn how Geisinger improved provider data accuracy, SEO, and patient acquisition with a comprehensive provider directory.

Data-driven, physician-focused approach to CDI improvement

Organizational profile Sisters of Charity of Leavenworth (SCL) Health* has been providing care since it originated in the 1600s in France as the Daughters of Charity. These religious...

Luminis Health improved quality and financial outcomes with advanced CDI technology and consulting from 3M

In the beginning, there were challengesBefore partnering with 3M Health Information Systems (HIS), Luminis Health’s clinical documentation integrity (CDI) program faced ...