Info@NationalCyberSecurity

Change Healthcare Blames ‘Blackcat’ Group For Cyber Attack That Disrupted Pharmacies And Health Systems


Topline

UnitedHealth-owned Change Healthcare has confirmed the ransomware group “ALPHV/Blackcat” is behind its recent cyber attack, after initially suspecting a “nation-state associated cyber security threat actor,” as disruptions to pharmacies continue nearly a week after the attack was reported.

Key Facts

Change Healthcare said Blackcat was behind the attack and the company is still “working to understand the impact to members, patients and customers.”

The company also says it’s working with law enforcement and cybersecurity companies Mandiant and Palo Alto Networks to address the cyber attack, which is ongoing.

While UnitedHealth initially blamed a “nation-state” in a filing last week, cybersecurity experts say Blackcat has no known affiliations with any government—cybersecurity analyst Brett Callow told Reuters “as far as I am aware, they are financially motivated cybercriminals and nothing more.”

The group reportedly posted about the attack on the dark web, claiming it had accessed “more than 6 TB of highly selective data,” including medical and dental records, payment information and patients’ private information from a variety of Change Healthcare partners, though some reports say the post has since been deleted.

Who Is Blackcat?

Blackcat—also known as ALPHV or Noberus—typically follows a “ransomware-as-a-service” model, where developers create ransomware and affiliates use the ransomware to identify and attack “high-value victim institutions,” according to a December release from the Department of Justice. The DOJ says Blackcat typically steals victims’ data and then encrypts it, blocking them from accessing it. The group then charges a ransom in exchange for releasing the data and not publishing it. The Justice Department says Blackcat has triggered hundreds of millions of dollars worth of losses worldwide.

Key Background

Following the attack on Feb. 21, UnitedHealth shut down Change Healthcare’s system. The company said it believes the issue has only impacted Change Healthcare and “all other systems across UnitedHealth Group are operational.” Numerous pharmacies, including CVS, Walgreens, Publix and GoodRX, reported some level of business disruption related to the cyber attack.

Tangent

The Wall Street Journal reported Tuesday the Department of Justice had launched an antitrust investigation into UnitedHealth. In 2022, the Department tried to block United subsidiary Optum’s merger with Change Healthcare, but failed, allowing for Change Healthcare to become part of Optum and UnitedHealth.

Further Reading

More from Forbes: Change Healthcare Cyberattack Disrupts Services Nationwide - Here’s What To Know
