UnitedHealth May Have Paid Ransomware Gang $22M to Fix Prescription Fiasco | #ransomware | #cybercrime

Evidence is emerging that UnitedHealth Group may have paid $22 million to the ransomware gang responsible for the Change Healthcare cyberattack, which has wreaked havoc on hospitals and pharmacies trying to process prescriptions.

On Monday, security researchers spotted a post in a Russian cybercriminal forum from an affiliate member who claims to be part of the ALPHV/Blackcat ransomware gang. The member alleges that UnitedHealth Group subsidiary Optum paid $22 million to “prevent data leakage” and get a decryption key to free itself from the ongoing disruption at Change Healthcare, also a UnitedHealth subsidiary.

The forum post then links to a Bitcoin wallet, which shows it receiving 350 bitcoins last Friday. The same wallet has also been tied to ALPHV, according to Wired, which cites the security companies Recorded Future and TRM Labs.  

In a bit of irony, the affiliate member disclosed alleges that the administrators of ALPHV actually swindled them out of that $22 million. “Be careful everyone and stop dealing with ALPHV,” adds the affiliate member, who says they still hold 4TB of stolen data from Change Healthcare.  

In response to the reported Bitcoin payment, a UnitedHealth Group spokesperson said: “All I can share is that we remain focused on the investigation and recovery of our operations.”

Recommended by Our Editors

If true, $22 million would rank as one of the highest ransomware payments, with no guarantees that any of the stolen data will be deleted. The current record holder is a $40 million payment insurance giant CNA paid back in 2021, according to Bloomberg. 

The $22 million could also embolden ransomware gangs to target the US health sector even more. As for Change Healthcare, the platform continues to experience “connectivity issues” two weeks after the ransomware attack began. The disruption even prompted US lawmakers to ask for federal funds to subsidize the prescriptions in the meantime.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Source link


National Cyber Security