UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit

Written by

UnitedHealth Group has published a timeline to restore Change Healthcare’s systems following the BlackCat/ALPHV ransomware attack, which has led to delays to patient care across the US.

The healthcare conglomerate, which owns Change Healthcare, said it expects key pharmacy and payment systems to be restored and available by March 18.

In the meantime, UnitedHealth is urging its provider and payer clients to use applicable workarounds it has established, including its new iEDI claim submission system.

Did UnitedHealth Pay Ransom?

The announcement on March 7 comes days after Reuters reported that a post on a hacker forum claimed that UnitedHealth paid a $22m ransom to BlackCat to recover access to data and systems encrypted by the group.

The news outlet subsequently reported that blockchain analysis firm TRM Labs said the destination of the funds shown in the post was “associated with ALPHV.”

UnitedHealth has so far not commented on these reports. In the “frequently asked questions” section of its incident information page, the firm said it has been transparent with law enforcement and will continue to coordinate with law enforcement partners.

It was then reported that BlackCat operations have halted amid allegations it had defrauded an affiliate involved in the Change Healthcare attack. An affiliate implicated in the assault accused the gang of excluding them and fleeing with the substantial ransom paid by UnitedHealth.

There is speculation the move could be an ‘exit scam’ or a rebrand by the ransomware-as-a-service (RaaS) operator.

“Most Consequential” Cyber-Attack in US Healthcare History

The ongoing incident was described by Rick Pollard, American Hospital Association (AHA) President and CEO, on March 5 as “the most significant and consequential incident of its kind against the US healthcare system in history.”

This is due to its impact on hospitals’ ability to provide patient care, fill prescriptions, submit insurance claims and receive payment for their healthcare services.

The AHA also wrote a letter to Congress on March 4 asking for financial support to physicians impacted by the outage.

On March 5, the US Department of Health and Human Services announced new measures to help healthcare providers to continue to serve patients amid the difficulties in processing payments.

Change Healthcare first revealed it was suffering a network interruption on February 21, confirming later that day this was due to an “outside threat.”

Reports quickly emerged of pharmacies across the US being unable to process patient prescriptions.

In a filing to the US Securities and Exchange Commission (SEC), UnitedHealth said the attack was perpetrated by a “suspected nation-state associated cybersecurity threat actor.” It subsequently confirmed it had fallen victim to the BlackCat group.

What’s hot on Infosecurity Magazine?