Ransomware Group Blackcat Behind Cyberattack on Change Healthcare
ALPHV/Blackcat, a ransomware group, has been identified as the cybercrime threat actor behind the security breach on Change Healthcare, a UnitedHealth division, the company reported through its incident tracker on Feb. 29.
“In a since-deleted post on the dark web, Blackcat said Wednesday that it was behind the attack on Change Healthcare’s systems. The group said it managed to extract six terabytes of data, including information like medical records, insurance records and payment information,” CNBC’s Ashley Capoot reports.
“ALPHV/Blackcat has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransoms paid by victims around the world. Due to the global scale of these crimes, multiple foreign law enforcement agencies are conducting parallel investigations,” per a news release from the U.S. Department of Justice on Dec. 19, 2023.
The outage resulting from a cyber-attack with Change Healthcare could last for several weeks, Brittany Trang reports on Feb. 29 for STAT News. “UnitedHealth Group Chief Operating Officer Dirk McMahon said the company is setting up a loan program to help providers who can’t submit insurance claims while Change is offline. He said that program will last ‘for the next couple of weeks as this continues to go on,’” Trang writes.
Meanwhile, president and CEO of the American Health Care Association and National Center for Assisted Living (AHCA/NCAL), Mark Parkinson, sent a letter to Secretary Xavier Becerra of the U.S. Department of Health and Human Services (HHS) asking to take action. Specifically, for both HHS and the Centers for Medicare and Medicaid Services (CMS) to announce that the situation meets the criteria for issuing accelerated payments through the Medicare program, instruct Medicare administrative contractors to notify providers of the accelerated payment policy, and encourage Medicare Advantage plans to provide a similar payment option, per a news brief from the AHCA press office.
“Timely payments are essential for facilities to maintain daily operations and to keep their doors open for residents and patients, and we request your support for providers to access accelerated payments,” Parkinson writes.
The cybersecurity attack on Change Healthcare has been disruptive throughout the healthcare sector. Anders Gilberg, senior vice president of government affairs of the Medical Group Management Association (MGMA), details the various consequences in a letter dated Feb. 28 to HHS, which include billing and cash flow disruptions, limited or no electronic remittance advice from health plans, rejections of prior authorization submissions, unable to perform eligibility checks, electronic prescriptions not being transmitted and lack of connectivity to data infrastructure.
“We request HHS utilize all the tools at its disposal to mitigate these impacts, so medical groups do not have to take drastic actions to remain in operation. Guidance, financial resources, enforcement discretion, and more are needed to avoid escalating an already serious situation,” Gilberg writes.
Change Healthcare’s systems have been down since the cyber-attack was first announced on Feb. 21. Healthcare Innovation will provide continued updates.