Originally, this cyberattack on UnitedHealth subsidiary Change Healthcare was reported as a minor event affecting a few pharmacies in Michigan's Thumb region. It is actually far more extensive and is now crippling pharmacies across the nation:
https://www.healthcaredive.com/news/change-cyberattack-unitedhealth-nation-state/708328/
UnitedHealth suspects ‘nation-state’ behind Change cyberattack
Pharmacies and providers nationwide are struggling to process prescriptions following the attack.
Dive Brief:
- UnitedHealth suspects a “nation-state” is behind the cyberattack on its revenue cycle management subsidiary Change Healthcare, the healthcare conglomerate said in a filing with the Securities and Exchange Commission on Thursday.
- Change reported disruptions to its applications on Wednesday before taking its systems offline, citing an “outside threat.” The company handles 15 billion payment transactions each year, and is one of the largest commercial prescription processors in the U.S.
- Pharmacies and other providers nationwide — including military facilities — have reported struggles processing prescriptions as a result of the outage. On Thursday, the American Hospital Association urged hospitals to disconnect from Optum, the UnitedHealth division that includes Change, and check their systems following the attack.
Dive Insight:
Hackers associated with nation-states are to blame for some of the most disruptive cyberattacks in the U.S., including in the healthcare industry.
A series of cyberattacks starting in 2014 against health insurer Anthem, now called Elevance, led to the largest U.S. health data breach in history, exposing the information of almost 79 million people. A cyber group affiliated with China was behind the attack, according to the U.S. government.
Nation-state adversaries including China, Russia, North Korea and Iran pose an “elevated threat” to national security, according to the Cybersecurity and Infrastructure Security Agency.
Attacks from nation-states are aimed at prolonged network intrusion, allowing for espionage, data theft and system disruption, according to CISA.
As geopolitical unrest increases, including from Russia’s invasion of Ukraine and the Israel-Hamas war, so does the threat of cyberattacks in an industry where operational downtime can cause steep financial losses and contribute to worsening patient health, experts say.
UnitedHealth did not identify the country it believes is behind the Change attack. When asked for more information, a spokesperson for the company shared Change’s original statement from Wednesday.
It’s hard to determine which nation-state could be behind the attack without knowing more, according to Deron Grzetich, head of cybersecurity at consultancy West Monroe. But the perpetrator likely wasn’t North Korea, which uses ransomware in most of its attacks to gather funds for the country, Grzetich said in an interview.
The cyberattack is isolated to Change, and UnitedHealth’s other operations are unaffected, according to the company.
Change, one of UnitedHealth’s numerous subsidiaries, is one of the largest health technology companies in the U.S., providing payment, clinical and patient engagement services for health insurers, providers and pharmacies.
One in three patient records in the U.S. are “touched by our clinical connectivity solutions,” according to Change’s website.
The company provides technology services for more than 67,000 pharmacies. After Change took down its systems, many pharmacies have been unable to verify patients’ insurance coverage, determine copayment amounts or perform other operations necessary to process prescriptions.
Military healthcare program Tricare says on its website that military clinics and hospitals will be providing prescriptions manually until the cyberattack is resolved.
Other pharmacies that have said they’re having difficulty or are unable to process prescriptions include Scheurer Health in Michigan; 22nd Medical Group in Kansas; and Knight’s Pharmacy in Kentucky.
“Due to the sector wide presence and the concentration of mission critical services provided by Optum, the reported interruption could have significant cascading and disruptive effects on revenue cycle, certain health care technologies and clinical authorizations provided by Optum across the health care sector,” the AHA said in a Thursday notice to its members.
UnitedHealth is working to restore systems and resume normal operations “as soon as possible, but cannot estimate the duration or extent of the disruption at this time,” the SEC filing says.
As of Friday morning, many of Change’s log-in systems were still down.
West Monroe’s Grzetich said it’s interesting that a nation-state is behind the attack, given an unclear motivation for wanting to disrupt U.S. pharmacy functions. The country could be after data to help its intelligence operations, he said.
Change, which UnitedHealth acquired for $13 billion in 2022, is the latest victim of cybercriminals targeting the healthcare sector.
Cyberattacks against healthcare organizations have been mounting, with recent high-profile attacks against Lurie Children’s Hospital in Chicago and Ardent Health Services, a multistate hospital operator. Experts say healthcare organizations may be more vulnerable to cyberattacks than organizations in other industries, due to decades of underfunding of cybersecurity protocols.
This hack is becoming a really big story as it continues to disrupt pharmacies:
UnitedHealth hackers say they stole 'millions' of records, then delete statement
By Raphael Satter - February 28, 2024
WASHINGTON, Feb 28 (Reuters) - In a message posted to, and then quickly deleted from their darknet site, the hackers blamed for striking the UnitedHealth Group said on Wednesday they stole millions of sensitive records, including medical insurance and health data, from the company.
In its claim of responsibility, the group known as "Blackcat" or "ALPHV" posted a statement to its site saying it had stolen 8 terabytes of data from UnitedHealth, according to screenshots of the posting shared online by cybersecurity researchers.
UnitedHealth, whose Change Healthcare unit was at the center of the breach, said it was aware of the statement and was "looking into it."
Blackcat said it stole data from partners including Medicare, the U.S. military medical health agency Tricare, CVS Health (CVS.N) and other companies.
The claim was swiftly removed without explanation. Reuters attempts to reach the hackers have been so far unsuccessful and the news agency had no immediate way to verify the claims, which weren't backed up with any data or screenshots.
The Centers for Medicare and Medicaid Services did not immediately return a message seeking comment. Tricare, which has said all of its military pharmacies were impacted by the hack, also did not immediately return a message seeking comment.
In a statement, CVS said it was aware of the hackers' statement but that, "at this time, Change Healthcare has not confirmed whether any CVS Health member or patient information that it holds, including CVS Caremark information, was impacted by this incident."
Brett Callow, a threat analyst with cybersecurity firm Emsisoft, said there could be several reasons why the hackers would make an inflammatory statement and then delete it.
One possibility was that the hackers had entered ransom negotiations with UnitedHealth, or that the talks had entered a new phase. It was also possible the hackers were trying to gin up attention in a bid to force the healthcare company to come to the negotiating table. Or maybe the hackers just thought the better of it and "decided they didn't want so much attention at this particular point in time."
Blackcat has a history of disruptive hacks, including attacks on MGM Resorts International and Caesars Entertainment that snarled operations at hotels and casinos last year.
UnitedHealth now blames a Russian cybergang known as Black Cat, or AlphV, for the attack, but the FBI supposedly dismantled this gang in December. Someone is lying:
https://www.npr.org/2024/03/01/1235255804/pharmacies-ransomware-prescriptions-unitedhealth
Health care company ties Russian-linked cybercriminals to prescriptions breach
By Jenna McLaughlin - March 1, 2024
A ransomware attack is disrupting pharmacies and hospitals nationwide, leaving patients with problems filling prescriptions or seeking medical treatment.
On Thursday, UnitedHealth Group accused a notorious ransomware gang known as Black Cat, or AlphV, of hacking health care payment systems across the country.
Last week, the top health insurance company disclosed that its subsidiary, Optum, was impacted by a "cybersecurity issue," leading to its digital health care payment platform, known as Change Healthcare, being knocked offline.
As a result, hospitals, pharmacies and other health care providers have either been unable to access the popular payment platform, or have purposefully shut off connections to its network to prevent the hackers from gaining further access.
UnitedHealth says that as of Monday it estimated that more than 90% of 70,000 pharmacies in the U.S. have had to change how they process electronic claims as a result of the outage.
While the company has set up a website to track the ongoing outage, reassuring customers that there are "workarounds" to ensure access to medications, the outage could last "weeks," according to a UnitedHealth executive who spoke on a conference call with cybersecurity officers, a recording of which was obtained by STAT News.
After hiring multiple outside firms, including top cybersecurity companies Mandiant and Palo Alto Networks, UnitedHealth released its conclusion that BlackCat, or AlphV, is behind the breach, a conclusion bolstered by the group itself originally claiming credit on its dark web leak site. The post has since been taken down.
"Hacked the hackers"
However, the fact that the ransomware gang may be responsible is also something of a twist.
Just a few months ago, the FBI broke into the group's internal servers, stealing information about decryption tools for victims and seizing control of several of its websites. The U.S. government celebrated the disruption, a major operation with multiple foreign governments involved. "In disrupting the Black Cat ransomware group, the Justice Department has once again hacked the hackers," said Deputy Attorney General Lisa Monaco in a news release.
Black Cat's seeming ability to regroup and breach one of the largest health care entities in the U.S. demonstrates how challenging it is to hamper these groups long-term.
Cybercriminals frequently reassemble after experiencing setbacks, particularly when their operators are located in countries whose law enforcement agencies are lax about prosecuting their crimes.
That's especially true in Russia. While researchers have not definitively tied BlackCat to Russia or its government, they've concluded it is a Russian-speaking group. U.S. intelligence officials have spoken frequently about the Russian government's willingness to turn a blind eye to cybercrime, in exchange for the hackers' service in intelligence operations. That has been especially true during the war in Ukraine.
In addition to the health care breach, Black Cat also recently claimed to have stolen classified documents and sensitive personal data about Department of Defense employees from U.S. federal contractors.
WIRED reports more from this story's cyber shadows - lawbreakers, law enforcement, and legal data collectors.
MAR 4, 2024 12:41 PM
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment
The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.
The ransomware attack targeting medical firm Change Healthcare has been one of the most disruptive in years, crippling pharmacies across the US—including those in hospitals—and leading to serious snags in the delivery of prescription drugs nationwide for 10 days and counting. Now, a dispute within the criminal underground has revealed a new development in that unfolding debacle: One of the partners of the hackers behind the attack points out that those hackers, a group known as AlphV or BlackCat, received a $22 million transaction that looks very much like a large ransom payment.
On March 1, a Bitcoin address connected to AlphV received 350 bitcoins in a single transaction, or close to $22 million based on exchange rates at the time. Then, two days later, someone describing themselves as an affiliate of AlphV—one of the hackers who work with the group to penetrate victim networks—posted to the cybercriminal underground forum RAMP that AlphV had cheated them out of their share of the Change Healthcare ransom, pointing to the publicly visible $22 million transaction on Bitcoin's blockchain (https://www.blockchain.com/explorer/addresses/btc/14Q5xgBHAkWxDVrnHautcm4PPGmy5cfw6b) as proof.
A spokesperson for Change Healthcare, which is owned by UnitedHealth Group, declined to answer whether it had paid a ransom to AlphV, telling WIRED only that “we are focused on the investigation right now.”
Both Recorded Future and TRM Labs, a blockchain analysis firm, connect the Bitcoin address that received the $22 million payment to the AlphV hackers. TRM Labs says it can link the address to payments from two other AlphV victims in January.
If Change Healthcare did pay a $22 million ransom, it would not only represent a huge payday for AlphV, but also a dangerous precedent for the health care industry, argues Brett Callow, a ransomware-focused researcher with security firm Emsisoft. Every ransomware payment, he says, both funds future attacks by the group responsible and suggests to other ransomware predators that they should try the same playbook—in this case, attacking health care services that patients depend on.
“If Change did pay, it's problematic,” says Callow. “It highlights the profitability of attacks on the health care sector. Ransomware gangs are nothing if not predictable: If they find a particular sector to be lucrative, they’ll attack it over and over again, rinse and repeat.”
The self-described AlphV affiliate who first posted evidence of the payment on RAMP, and who goes by the name “notchy,” complained that AlphV had apparently collected the $22 million ransom from Change Healthcare and then kept the entire sum, rather than share the profits with their hacking partner as they had allegedly agreed. “Be careful everyone and stop deal with ALPHV," notchy wrote.
That affiliate hacker also wrote that in their penetration of Change Healthcare's network, they had accessed the data of numerous other health care firms partnered with the company. If that claim is accurate, Recorded Future's Smilyanets points out, it creates the additional risk that the affiliate hacker still possesses sensitive medical information. Even if Change Healthcare did pay AlphV, the hacker affiliate could still demand additional payment or leak the data independently.
“The affiliates still have this data, and they’re mad they didn’t receive this money,” says Smilyanets. “It’s a good lesson for everyone. You cannot trust criminals; their word is worth nothing.”
As ransomware payments go, $22 million would represent a remarkably profitable score for AlphV. Only a relatively small number of ransoms in the history of ransomware, such as the $40 million payment made by the financial firm CNA to the hackers known as Evil Corp, have been so large, says Emsisoft's Callow. “It’s not without precedent, but it’s certainly very unusual,” he says.
Regardless of whether Change Healthcare is confirmed to have paid that ransom, the attack shows that AlphV has pulled off a disturbing comeback: In December, it was the target of an FBI operation that seized its dark web sites and released decryption keys that foiled its attacks on hundreds of victims. Just two months later, it carried out the cyberattack that paralyzed Change Healthcare, triggering an outage whose effects on pharmacies and their patients have now stretched well beyond a week. As of last Tuesday, AlphV listed 28 companies on the dark web site it uses to extort its victims, not including Change Healthcare.
That site has now gone offline. As of Tuesday morning, it displayed what appeared to be a law enforcement seizure notice, but security researcher Fabian Wosar points out that the notice seems to have been copied from AlphV's last takedown (https://twitter.com/fwosar). The reason for the group's disappearance—whether due to another law enforcement operation or AlphV's attempts to dodge its own cheated affiliates—is unclear. Ransomware trackers say AlphV has disappeared and rebranded several times before. Earlier incarnations under the name BlackCat, BlackMatter, and Darkside were all more or less the same group, security researchers note.
In fact, the hackers working under that Darkside handle were responsible for the 2021 Colonial Pipeline ransomware attack that triggered the shutdown of gas transportation across the Eastern Seaboard of the US and resulted in a brief fuel shortage in some East Coast cities. In that case, too, the victims paid the hackers' ransom. “It was the hardest decision I've made,” Colonial's CEO Joseph Blount later told a US congressional hearing.
Now, it seems, some of the same hackers may have forced yet another company to make that same hard decision.
Update 3/4/2024, 1:50 pm EST: Included additional contextual details about AlphV and related ransomware attacks.
Updated 3/5/2024, 10:30 am EST to note that AlphV's dark web site now displays what appears to be a law enforcement takedown message.
https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/
Andy Greenberg is a senior writer for WIRED, covering hacking, cybersecurity and surveillance. He’s the author of the new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. His last book was Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books and excerpts from them published in WIRED have won awards including two Gerald Loeb Awards for distinguished business and financial reporting, a Sigma Delta Chi Award from the Society of Professional Journalists and the Cornelius Ryan Citation for Excellence from the Overseas Press Club. Greenberg works in WIRED's New York office.
The Change Healthcare hack has become very expensive. Who pays for it?
UnitedHealth says advanced over $2 bln in payments to providers
By Bhanvi Satija and Sriparna Roy in Bengaluru; March 18, 2024
(Reuters) - UnitedHealth Group (UNH.N) said on Monday it has advanced payments of over $2 billion so far to provide assistance to healthcare providers, financially affected following a cybersecurity attack on its technology unit, Change Healthcare.
The company said it will start releasing its medical claims software on Monday and it will become available to "thousands of customers" over the next several days.
Change Healthcare, which was hit by a cyberattack on Feb. 21, is a vital lynchpin in the system for making and clearing insurance claims as it processes about 50% of medical claims in the United States for around 900,000 physicians, 33,000 pharmacies, 5,500 hospitals and 600 laboratories.
UnitedHealth last week restored its payments processing and pharmacy network services after days of disruption following the cyberattack.
The company said on Monday it will continue restoration of remaining services until all customers have been connected.
UnitedHealth said it has suspended paperwork required to get approval for insurance coverage for most outpatient services, as well as review of inpatient admissions for government-backed Medicare Advantage plans to help those impacted.
What a mess.
Morning Brew gave this synopsis one week ago:
Quote: “We’re hemorrhaging money.”
Thousands of smaller medical practices, like one outside Philly managed by Catherine Reinheimer, are still unable to process insurance payments more than two weeks after a cyberattack disrupted the computer networks of Change Healthcare, the largest billing and payment clearinghouse in the US, CNN reported. Change is part of UnitedHealth Group, which says it is still weeks away from restoring the system that remits payments to providers, some of whom have been forced to take out loans to stay afloat. Experts say the US healthcare system is losing $100 million each day from the disruption.
One month after the attack, Change Healthcare brings their AWS account back on line:
Change Healthcare restores Amazon cloud services after cyberattack
By Giles Bruce - March 21, 2024
Change Healthcare said it has reinstated Amazon cloud services for two of its platforms a month into a cyberattack against the company.
The UnitedHealth Group and Optum subsidiary said March 20 it restored Amazon Web Services from backups for Assurance, a claims and remittance management program, and claims clearinghouse Relay Exchange. Change said it rebuilt authentication services for the solutions on a new network with the help of cybersecurity firms Palo Alto Networks and Mandiant, a Google subsidiary. The company said it is also testing the security of the external-facing parts of those applications.
Change took IT systems offline Feb. 21 after experiencing a ransomware attack, disrupting payment and pharmacy services for hospitals, health systems and healthcare organizations across the country. The company has since been incrementally restoring its applications. Cybersecurity experts have told Becker's that cyberattacks of this magnitude can last at least a month.
"We have taken every precaution and safety measure and implemented several rounds of security protocols — both internally and with our third-party partners — to ensure complete confidence in the platform," Change said March 20. "As we've stated, our Optum, UnitedHealthcare and UnitedHealth Group systems remain safe and were not affected by this issue. We regularly scan those environments and continue to validate they were not impacted. Anything currently functioning means we have full confidence in it."
This has to be the most costly cyberattack in healthcare history.
Many lawsuits are now being filed against UnitedHealth Group in the largest healthcare cyberattack to date, but the pain continues for patients who use their services:
Drug delays, skyrocketing prices an ongoing effect of massive cyberattack
By Justin P. Hicks | March 22, 2024
Frustrated patients in Michigan and around the country have had to pay out of pocket for medicine for chronic diseases and other illnesses or go without in the fallout from a cyberattack of a major health care company.
The tech company, Change Healthcare, has restored access to many of its systems in the weeks since the Feb. 21 attack announcement. However, some services remained down as of Thursday, March 21, including the system that processes discount/savings cards to bring down drug prices for patients.
Brian Feinman is one such patient.
The 53-year-old former nurse from Grass Lake typically pays $25 per month for his Type 2 diabetes medication, thanks to a savings card program offered by Ozempic manufacturer Novo Nordisk.
But in the aftermath of the cyberattack against Tennessee-based Change Healthcare, Feinman has had to choose between paying $953 for his weekly Ozempic injections or going without.
“I went to fill my prescription in February, and they told me they couldn’t run my card,” Feinman told MLive. “I’ve missed two doses now. It’s definitely going to affect both my A1C (blood sugar level) and my weight loss.”
On Feb. 21, Change Healthcare announced it had been the target of a cyberattack. To protect its partners and patients, the company said it took immediate action to disconnect its systems.
The event had negative effects on pharmacies and health care providers that rely on those systems for things like claims transactions and processing, patient access and financial clearance, and provider payments.
The American Hospital Association called the cyberattack “the most significant and consequential incident of its kind against the U.S. health care system.” President and CEO Rick Pollack said the attack made it harder for hospitals to provide patient care, fill prescriptions, submit insurance claims, and receive payment for services.
Corewell Health, one of the state’s largest health systems, said Wednesday, March 20, that it remained disconnected from some of Change Healthcare’s services. However, functions like e-prescribing and most claims have resumed, reducing the impact on patients.
Local pharmacists said for a while they couldn’t verify what a customer’s insurance would cover for their medication, or how much of a copay was necessary at the transaction point. Patients had the option of paying out of pocket and pursuing reimbursement later, if they could afford the up-front cost.
“Michigan Pharmacists Association is aware of reports that the Change Healthcare outage continues to present a challenge to Michigan pharmacies and their patients,” said Mark Glasper, the association’s CEO.
“Systems used to identify patient insurance and coordinate coverage of prescriptions are, in some locations, still non-operational or inconsistently usable. It’s also important to understand these issues are not pharmacy driven, rather originating from a third-party institution. Michigan pharmacy personnel continue to work within their power to provide medications at affordable costs through all methods still at their disposal.”
While some system functions have been restored, others were still being worked on as of Thursday. Change Healthcare said it had begun testing and reestablishing connectivity to its claims network and software in a phased manner beginning the week of March 18.
“We continue to make significant progress in restoring the services impacted by this cyberattack,” said Andrew Witty, CEO of UnitedHealth Group, in a prepared statement. “We know this has been an enormous challenge for health care providers and we encourage any in need to contact us.”
One area that was still a major issue as of Wednesday was the system for processing copay coupon and discount cards like the one Feinman uses for his Ozempic.
Feinman said he’s been trying daily for at least four weeks to secure another pen using his card. He’s visited his local CVS Pharmacy and called corporate channels for both CVS and Change Healthcare in search of answers, but to no avail.
“CVS basically says try every day to see if they can run the card,” he said. “The reps at CVS feel bad but there’s nothing they can do. They say I can pay it and mail my receipt for reimbursement, but I don’t have almost $1,000 for just one pen.”
When asked about the issue, a spokesperson for CVS provided a statement that read: “We are aware of Change Healthcare’s restoration timeline and their ongoing efforts to reestablish connectivity to its systems. Our business continuity plans remain in place to mitigate any disruptions, and we remain committed to ensuring ongoing access to care for our patients and members. We are monitoring the situation and will update our plans as necessary.”
Feinman had been on Ozempic for about 4 months. For the first month or so, he had to go through some uncomfortable side effects like nausea, diarrhea and abdominal pain.
Since then however, he said he’s felt good. He’s lost 30 pounds, and his A1C went from about 8% to 5.3%, “which is fantastic for me.” A normal A1C level is below 5.7%, while a level over 6.5% indicates diabetes.
Having to skip doses has Feinman concerned that he’ll see that progress fade and have to go through the side effects again when he finally does get back on track.
“I know I’m not the only one with this major issue,” he said.
I featured Direct Primary Care (DPC) in the MHF blog a few years ago because it's one of the great innovations of modern healthcare.
Since then, DPC docs have started their own blog. Here, one of them sounds off on the tsunami effect of this cyber attack on their fellow clinicians.
Note the particular greatness of the DPC model in this context: it grants immunity to third-party cyber attacks.
https://dpcnews.com/opinion/dpc-says-keep-the-change-we-dont-need-it/
The healthcare headlines have been dominated these past few weeks with the cyber attack on United Healthcare’s clearinghouse, Change Healthcare. Unfortunately, the national headlines have not been giving this massive story the attention it deserves.
If you’re a DPC doc, this cyber attack probably hasn’t affected you much. However, if you’re still in the fee-for-service world, especially as a small private practice, this could be your death knell.
If you’re not up to speed, Change Healthcare was the target of a massive cyber attack. This attack has halted their ability to process claims. Therefore, they have not paid out their daily average of $4.1 billion to the physicians and other healthcare providers, such as pharmacies in hospitals, in nearly 3 weeks.
Despite not paying their contracted providers, they are still collecting insurance premiums. Let that sink in.
Now, cyber attacks are our new reality. As a small business, we may someday be the victim of a cyber attack. However, what enrages me about this situation is the lack of support and empathy that UHC is offering to the healthcare providers who make their business possible.
They are offering a meager $4000 loan (LOAN!) to some offices that submit monthly claims as high as $500,000. Statements reassuring providers that they will be made whole are nowhere to be found.
It has gotten so bad, in fact, that Medicare is stepping in to help support provider offices that have been devastated by this lack of payment. Our tax dollars are now back at work to clean up the mess that is being fueled by corporate greed.
UHC has the money, they’re clearly still accepting premiums. UHC also has historical data of how much they pay these practices month over month. At a minimum, I would expect that they would float these practices their average monthly payment to ensure no disruption to patient care until they can resolve this issue.
As a DPC physician, I am largely untouched by this issue, since we don’t rely on third-party billing. However, my heart bleeds for my colleagues who are dependent on a system that continues to fail them.
If this is what Change in healthcare looks like, you can keep the Change. I will stick with direct primary care.
And... the US State Department weighs in.
How do we know this won't benefit the hackers??
Rewards for Justice – Reward Offer for Information on ALPHV BlackCat-linked Cyber Actors Targeting U.S. Critical Infrastructure
The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).
The ALPHV BlackCat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide, deploying ransomware on the targeted systems, disabling security features within the victim’s network, stealing sensitive confidential information, demanding payment to restore access, and threatening to publicize the stolen data if victims do not pay a ransom.
The group’s ransomware, also known as ALPHV BlackCat, was first deployed in November 2021.
ALPHV BlackCat operated as a ransomware-as-a-service business model in which the group’s members developed and maintained the ransomware variant and then recruited affiliates to deploy the ransomware. ALPHV BlackCat and its affiliates then shared any paid ransoms.
More information about this reward offer is located on the Rewards for Justice website at https://rewardsforjustice.net/english/malicious_cyber_activity.html . We encourage anyone with information on ALPHV BlackCat actors, their affiliates, activities, or links to a foreign government to contact Rewards for Justice via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).
Since its inception in 1984, RFJ has paid in excess of $250 million to more than 125 people across the globe who provided actionable information that helped resolve threats to U.S. national security. Follow us on Twitter at https://twitter.com/RFJ_USA .
https://www.upi.com/Top_News/US/2024/04/23/UnitedHealth-Group-cyberattack-blackcat/3951713899108/
UnitedHealth Group: Patient data compromised despite paying ransomware
UnitedHealth Group officials on Monday announced a February cyberattack compromised an unknown number of Change Healthcare customers despite paying a ransom. Photo by Justin Lane/EPA-EFE
April 23 (UPI) -- Officials for Minnesota-based UnitedHealth Group on Monday said the health insurance and services provider paid a ransom to protect patients' data, but many personal files were breached in a recent cyberattack.
Cyber criminals targeted subsidiary Change Healthcare in February, and UnitedHealth Group paid an undisclosed ransom amount, corporate officials announced in a news release Monday.
The cyberattack compromised the personal healthcare data of many Americans, NBC News and TechCrunch reported.
"We know this attack has caused concern and been disruptive for consumers and providers," UnitedHealth Group CEO Andrew Witty said. "We are committed to doing everything possible to help and provide support to anyone who may need it."
Witty said it will take several months for UnitedHealth Group to continually analyze the data breach to identify those whose personal data was compromised and notify them.
The analysis includes monitoring the dark web and Internet to see if anyone's breached data was published. It also is utilizing information from 22 screenshots of alleged personal health and identity information that were published for about a week on the dark web by a "malicious actor," UnitedHealth Group officials said.
Corporate officials are communicating with law enforcement while undertaking the extended analysis to determine the full extent of data breached by the cyberattack.
UnitedHealth Group officials said the corporation "has made continued strong progress restoring services impacted by the event" and "prioritized the restoration of services that impact patient access to care or medication."
Medical claims processing and pharmacy services are nearly at normal levels, and payment processing for Change Healthcare is at about 86% of its normal levels and improving daily, UnitedHealth Group officials said.
The healthcare provider in February identified the BlackCat ransomware gang as the perpetrators of the cyberattack.
Investigators with the Department of Health and Human Services in March began investigating the cyberattack.
It's an incredibly huge mess.
I'm starting a new thread in the Federal section about Congressional hearings.
Much worse than we were told. UnitedHealth paid at least two ransoms to these thieves:
UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach
January 24, 2025
UnitedHealth has confirmed the ransomware attack on its Change Healthcare unit last February affected around 190 million people in America — nearly double previous estimates.
The U.S. health insurance giant confirmed the latest number to TechCrunch on Friday after the markets closed.
“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” said Tyler Mason, a spokesperson for UnitedHealth Group in an email to TechCrunch. “The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.”
UnitedHealth’s spokesperson said the company was “not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis.”
The February 2024 cyberattack is the largest breach of medical data in U.S. history and caused months of outages across the U.S. healthcare system. Change Healthcare, a health tech giant and UnitedHealth subsidiary, is one of the largest handlers of health, medical data, and patient records; it’s also one of the biggest processors of healthcare claims in the United States.
The data breach resulted in the theft of massive quantities of health and insurance-related information, some of which was published online by the hackers who claimed responsibility for the breach. Change Healthcare subsequently paid at least two ransoms to prevent further publication of the stolen files.
UnitedHealth previously put the number of affected individuals at around 100 million people when the company filed its preliminary analysis with the Office for Civil Rights, the unit under the U.S. Department of Health and Human Services that investigates data breaches.
In its data breach notice, Change Healthcare said that the cybercriminals stole names and addresses, dates of birth, phone numbers, email addresses, and government identity documents, which included Social Security numbers, driver’s license numbers, and passport numbers. The stolen health data also includes diagnoses, medications, test results, imaging, and care and treatment plans, as well as health insurance information. Change said the data also includes financial and banking information found in patient claims.
The breach was attributed to the ALPHV ransomware gang, a prolific Russian language cybercrime group. According to testimony by UnitedHealth Group’s CEO Andrew Witty to lawmakers last year, the hackers broke into Change’s systems using a stolen account credential, which was not protected with multi-factor authentication.




















