UnitedHealth reportedly pays $22M ransomware | #ransomware | #cybercrime

Photo: Helen King/Getty Images

UnitedHealth Group paid $22 million to recover access to data and systems encrypted by the Blackcat ransomware gang, according to Reuters.

The information was obtained through a hacker forum post, dated Sunday, the report said. The message, allegedly from a partner of Blackcat, included a link showing that someone had moved about 350 bitcoins, now worth about $23 million, from one digital currency wallet to another.

Reuters said a cryptocurrency tracing firm partially corroborated the claim on Monday. Blackcat claimed last week that it had stolen millions of sensitive records in the cyberattack on Change Healthcare, but later deleted the post.

UnitedHealth Group did not immediately return a request for comment. The Optum status page, which has been giving regular updates on what is being done about the breach, had not been updated as of mid-morning Tuesday. 

It is not uncommon for large companies to pay hackers ransomware to regain control of their networks, especially in instances where a significant disruption has occurred, Reuters said.

This has been the case in the February 21 cyberattack on Change Healthcare, which has affected hospitals, physicians and pharmacies.


The American Medical Association is the latest provider organization to demand action for the disruption caused by the cyber breach.

The AMA has asked the Biden administration to make emergency funds available to physicians hurt by the outage.

The cyber-takedown of Change Healthcare has forced medical practices to go without revenue for a twelfth day, the AMA wrote to Health and Human Services Secretary Xavier Becerra. 

The AMA is urging Becerra to use all its available authorities to ensure that physician practices can continue to function and patients can continue to receive the care that they need.

The top concerns are:
• Interruption of numerous administrative and billing processes,
• The inability to send claims, verify eligibility to confirm insurance coverage and benefit specifications, obtain prior authorization approvals, or receive electronic remittance advice. 
• A considerable proportion of revenue cycle processes have ground to a halt across practices,. 
• Having another method for health plans to provide physician practices timely claim submission requirements.
• Enormous administrative burdens being shifted to practices
• Practices are being instructed to use direct data entry and portals to submit claims, which are quite labor-intensive compared with using their regular practice management systems that pre-populate data. These “workarounds” are adding extensive administrative burdens as well as substantial costs to physician practices for this extra manual work. 
• Practices are filing claims on paper when available, but many insurance companies no longer accept paper claims.

While the American Hospital Association has advised providers that could be impacted by the breach to disconnect from Optum, healthcare organizations should consider the impact of severing connectivity, the AMA said. Disconnection includes, but is not limited to, a loss of prior procedure authorizations, electronic prescribing and other patient care functions, the AMA said. 


The AMA joins the AHA and MGMA in speaking out about the payment and function disruptions caused by Change’s cybersecurity breach.

UnitedHealth Group has offered a Temporary Funding Assistance Program to resume payment operations for hospitals but this “is not even a Band-Aid on the payment problems,” the AHA wrote in a March 4 letter to UHG President and Chief Operating Officer Dirk McMahon.

MGMA sent a letter to the Department of Health and Human Services asking for guidance, financial resources and enforcement discretion to avoid an escalation of what it called the harmful impact on medical groups. 

Email the writer: [email protected]


“Implementation of Novel Home-Based Care Programs” is scheduled for Friday, March 15, 10:30-11 a.m. ET in W208C at HIMSS24 in Orlando. Learn more and register.

Source link


National Cyber Security