UnitedHealth says 'Blackcat' ransomware group behind hack at tech unit

UnitedHealth Group confirms cyberattack by Blackcat ransomware group, impacting healthcare systems and patient services.

UnitedHealth Group said on Thursday a cyberattack at its tech unit, Change Healthcare, was perpetrated by hackers who identified themselves as the “Blackcat” ransomware group.

The statement confirms a Reuters report on Monday. UnitedHealth had initially blamed a “suspected nation-state associated cybersecurity threat actor” for the disruption.

The hack, disclosed last Wednesday, has had a knock-on effect on players across the U.S. healthcare system, as disruptions triggered by the attack have impacted electronic pharmacy refills and insurance transactions.

The company said its experts were working with law enforcement authorities and third-party consultants to gauge the impact on its customers and patients.

“We are working on multiple approaches to restore the impacted environment and continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action,” UnitedHealth said.

The outage could last for weeks, STAT News reported on Thursday, citing a recording obtained by the media outlet of a conference call with hospital cybersecurity officers.

STAT cited UnitedHealth Chief Operating Officer Dirk McMahon as saying that the company is setting up a loan program to help providers who cannot submit insurance claims while Change Healthcare is offline.

He said that program will last “for the next couple of weeks as this continues to go on,” STAT reported.

UnitedHealth did not immediately respond to a Reuters request for comment.

The American Hospital Association said it was in discussions with UnitedHealth and the federal government. A prolonged disruption of Change Healthcare’s systems could disrupt the ability of some health systems to pay salaries and pay for equipment, the association said.

In a message posted on its darknet site that was quickly deleted, the Blackcat ransomware group, also known as “ALPHV,” said on Wednesday it stole millions of sensitive records, including medical insurance and health data, from the company.

Blackcat has not returned repeated messages from Reuters, including a request for comment on UnitedHealth’s confirmation statement on Thursday.

Blackcat is one of the most notorious of the internet’s many ransomware gangs, which encrypt data to hold it hostage with the aim of extorting massive payouts.

The U.S. Department of Health and Human Services said it was working closely with the company’s unit, Optum Insight, “to assess the cyber incident and its impact on patient care”.

“The incident is a reminder to all healthcare providers and contractors to stay vigilant,” the agency said on Thursday.

Blackcat has previously struck other major businesses including MGM Resorts International and Caesars Entertainment.

The hack at MGM Resorts in September last year resulted in a $100 million hit to the company’s third-quarter results.

Meanwhile, healthcare providers across the United States are struggling to get paid following the outage at UnitedHealth’s technology unit, with some smaller providers saying they are already running low on cash.

