- 23 highest-paid healthcare CEOs: Wall Street Journal
- Novant Health appoints value intelligence leader
- Michigan bill would cut hospital prices by 10% and ‘exacerbate’ affordability challenges: MHA
- Ensemble launches ‘Office of the CFO’ for revenue cycle clients
- Employer-sponsored insurance premiums could drop 6.5% with anticompetitive hospital contracting ban: White House
- Former Kindred exec returns to ScionHealth: 5 things to know
- 10 hospitals seeking CEOs
- Vandalia Health taps new vice president of external affairs and government relations
- Indiana moves to cap hospital prices
- Building cost consciousness into everyday surgical practice
- The physician career platform built by clinicians just hit 100,000 users
- What PE ownership actually does to physician practices
- Midlife Strength Training Linked to Lower Diabetes Risk
- Sunscreen Misinformation Popular On TikTok, Study Finds
- Patient Portal Messages Double, Doctors Face Rising Workload
- Most Americans Unaware Of Link Between Alcohol And Cancer — And Aren't Interested In Spreading The Word, Either
- Kids’ Juice And Soda Intake Linked To Higher Blood Pressure Risk As Young Adults
- Indiana Takes On Powerful Hospitals By Capping Prices They Charge Employers
- Worried About Your Aging Parents? Welcome to the Caregiving Club
- Medicare’s AI Push Snarls Patients and Doctors in Errors and Delays
- Novartis’ ‘Relax Your Tight End’ prostate cancer campaign wins Cannes Lions Pharma Grand Prix
- ‘I would love to tell Mark Cuban to get involved’: What physician consolidation is costing patients
- Illinois passes bill regulating dental reimbursement practices
- The shifting dental care landscape
- Harvard to end faculty dental practice, transfer clinic to private owner due to financial constraints
- A physician’s plan to bring back practice autonomy to South Carolina
- Cardiologists push back on expansion of WISeR model
- Are ASCs ready for CMS’ new oversight rules?
- MCNA Dental agrees to multimillion-dollar settlement over 2023 ransomware attack
- Former Iowa dental office employee accused of using patient financial information for personal purchases
- Optum Behavioral Health names chief medical officer
- Stark law’s $632 million reckoning: The 5 biggest cases in 5 years
- ASCs’ robot evidence problem
- United Concordia expands dental coverage for patients with chronic conditions
- Who’s winning, losing the physician practice acquisition race?
- OIG flags Pennsylvania behavioral insurer for faulty prior auth denials
- Independence Health to open 28-bed behavioral health unit
- ICON Dental Partners appoints VP of dental partnerships
- These 'socially responsible' hospitals deliver on quality, value and equity
- A look at Elevance Health's push to streamline clinical reviews
- Heartland Dental adds Missouri practice
- 4 dentists making headlines
- Growing ketamine use raises safety concerns
- AI’s growing role in mental healthcare: 5 notes
- Does ASC consolidation have a ceiling?
- Whistleblower suit accuses Genentech, Novartis of running decades-long kickback scheme on allergy med Xolair
- Big obesity bets and China's rise fuel potential $2T in 2032 drug sales: Evaluate
- Patient portal messages doubled since 2020, study finds, underscoring challenges to physician workloads
- HCSC unveils Easify Edge plans as alternative employer option
- Clover Hill Dairy Recalls All Cheese in Deadly Listeria Outbreak
- Ensemble Health Partners secures strategic growth investment from Thoreau
- Hospital margins inched higher in April, but still remain below 2025
- Middle-Aged Women Drink More, Know Less About Breast Cancer Risk
- CMS Proposes TAVR Medicare Coverage is Potential Boost for Edwards Lifesciences
- CARsgen makes history as China approves world's first CAR-T therapy for solid tumors
- High Hurdles Thwart Kidney Patients' Pursuit Of Life-Saving Transplants
- Rising Healthcare Costs Leave Many Americans Less Secure
- Short Videos Help First-Time Dads Learn Newborn Safety Basics
- Federal Push To Increase U.S. Primary Care Docs Has Fizzled, Study Says
- US to investigate Germany's proposed drug spending reforms
- Alnylam scolded over promotional activity after Pfizer complaint
- Real-world data powers next-gen biopharma
- They're Uninsured After Obamacare Became Too Costly. And They're Far From Alone.
- Indiana Takes On Powerful Hospitals by Capping Prices They Charge Employers
- Prosper AI lands $30M backed by Andreessen Horowitz to build AI workforce for healthcare operations
- Eli Lilly, Novo Nordisk top AI citation share as new report questions DTC spend culture
- Fish Oil Supplements May Be A Bust For Alzheimer's Prevention
- Prehab Can Boost Seniors' Recuperation From Spinal Fusion Surgery, Trial Finds
- Dog Owners Feel Similar Grief Whether Pets Euthanized, Die Naturally
- Ozempic Might Cut Risk Of Broken Bones, Study Says
- Massage Guns Can Cause Eye Damage, Vision Loss, Case Report Warns
- A 5-month sprint: Behind Pfizer’s $10B deal and Innovent’s global pharma ambition
- 1st free dental clinic opens in New Jersey
- 8 new behavioral health projects to know
- Oregon prosecutors urge state to fix mental health system
- The case for layering behavioral healthcare models
- Rural, independent Kansas hospitals launch clinically integrated network
- 12 behavioral health services, facility closures | 2026
- Higher, short-acting opioid doses linked to 8% lower discharge risk: 4 notes
- FTC orders Aurobindo to divest 4 drugs to complete $250M Lannett acquisition
- Congressional Budget Office calls for more research on No Surprises Act unintended impacts
- HHS opens applications for $700M in mental health, addiction funding, with $96M for new STREETS program
- Ebola Infections Climb, Could Take Year To Contain, Health Officials Say
- Why a deviation investigation still takes two weeks in the age of AI
- Feeling Sleepy During the Day? It Could Be a Warning Sign for High Blood Pressure
- FTC, states sue transgender health association over 'misleading' gender care guidance
- Healthcare organizations still struggle to operationalize AI at scale: Arcadia survey
- Pfizer hunts for new CFO as Denton prepares to hang up gloves, wave goodbye to pharma
- Major League Pitchers Might Avoid Elbow Injuries By Altering Their Approach, Simulation Suggests
- Birth Control Pills Might Increase Binge Eating Risk, Study Finds
- Women Might Lower Their Heart Risk By Lifting Weights, Study Says
- Personalized Brain Implant Provides Step-By-Step Walking Boost For Parkinson's Patients
- Amid industry’s cell therapy automation push, Cellares and Ori dominate the field: report
- Most Americans Are Surviving Cancer. But The Mental Health Challenges Can Persist.
- Listen to the Latest ‘KFF Health News Minute’
- Readers Curse Medical Debt and Defend Spelling Therapy
- Sandwiched Between Caring for Kids and Aging Parents? Reach Out for Resources
- Arrests of Immigrant Parents Create Mental Health Crisis for Children
- Novo's success with oral Wegovy has been fueled by 'familiarity': Spherix
- Preparing for LEAD: Why post-acute visibility is the key to long-term value-based success
- One Medical Seniors reports data breach of third-party vendor impacting 'limited' number of patients
- A look at Epic's long-term play to build tech for operations, starting with scheduling
- U.K. Moves To Ban Social Media For Children
- Pregnant Woman Exposed to 45 Common Chemicals, Study Finds
- OhioHealth reaches settlement with DOJ, Ohio AG on antitrust lawsuit
- 4 years after snub, GSK partnership helps Spero get Utebzi across FDA finish line
- Despite 'decent' data, Verastem rethinks options for approved oncology combo in pancreatic cancer
- OIG report raises red flags about maternal health 'ghost networks' in Medicaid managed care
- Why It’s Time to Sunset AI Point Solutions and Consolidate Platforms
- Lantern, Marathon Health team up to launch integrated care management model
- The New Frontier of Care Management: Bridging the Empathy Gap with Intelligence
- Novo Nordisk opens Czech plant and unveils $29M upgrade to China facility
- GSK runs first DTC ad for would-be asthma blockbuster Exdensur
- Novo security breach claimed by hacking groups seeking multi-million-dollar ransoms: reports
- After FDA sign-off, Colorado's drug import plan faces tough road ahead
- Lower Risk Of Death, Clots Among Autoimmune Patients Taking GLP-1 Drugs
- Surgical Menopause Tied To Worse Sexual And Urinary Symptoms
- Post-Op Delirium Common In Seniors, But Not All Hospitals Screen For It
- Nortiva purrs into action with long-acting Lynx platform salvaged from Langer startup
- Weekly Rundown: Lumeris adds symptom-checking tool to AI platform; DeepIntent rolls out agentic AI tool for healthcare marketers
- Before you build or buy care navigation AI, answer this
- Early-Onset Cancers Are On The Rise. Knowing Your Family History Is Crucial.
- Minimally Invasive Procedure Eases Arthritis Knee Pain, Study Finds
- Tennessee Pharmacies Sell Potent Ivermectin, Led by Anti-Vaccine Doctor Who’s Taken ‘Bucketloads’
- More Americans Are Surviving Cancer. But the Mental Health Challenges Can Persist.
- Democrats Seek To Spotlight Rising Health Costs by Forcing Vote on Trump Regulation
- Big Pharma’s Big Brand: Inside Eli Lilly’s marketing culture
- CDC, FDA Tackle New World Screwworm, Including Drug Authorization
- Lifestyle Changes Can Reduce Your Risk For Multiple Chronic Diseases
- People Walk, Exercise Less After Starting Ozempic, Zepbound
- Family Finances Shape Children’s Brain Development, Study Finds
- At-Home Blood Pressure Monitoring Reduces Risk of Heart Attack, Stroke
- Long-Awaited Rule Aims To Boost ACA Choices While Embracing Higher Deductibles
- Many Men Are Prescribed Testosterone Without Proper Testing
- Organic Baby Formula Recalled Following Botulism Cases
- Remarks to the US-CEE Connection: Transatlantic Challenges in Law, Business & Policy
- Statement Regarding Minimum Pricing Increments and Access Fee Caps
- Statement at the SEC Open Meeting on the Trade-Through Rule and Locked and Crossed Markets Provisions of Regulation NMS
- Disorder Protection Rule: Statement on the Proposed Amendments to Rule 611 and Other Provisions of Regulation NMS
- Statement on the Proposed Amendments to Regulation NMS
- Beyond China and Japan: How biopharma is expanding rare disease access across Asia-Pacific
- This Old House: Improving and Remodeling Our Registered Offering and Filer Status Regimes
- Peirce Out: Remarks at the U.S. Chamber of Commerce Capital Markets Summit
- Medtronic Advances Hugo Robotic Surgery Platform with Key FDA Filings and Product Approvals
- Medtronic Posts Strongest Revenue Growth in a Decade, Driven by Cardiovascular and Surgical Businesses
- Boston Scientific Plans Indiana Distribution Center, 300 New Jobs
- “Harmonization: We’ll Have Lots to Talk About”
- Remarks at the Investor Advisory Committee Meeting
- A Quarter for Your Thoughts: Remarks at the Meeting of the SEC Investor Advisory Committee
- Remarks at the Investor Advisory Committee Meeting
Michigan healthcare freedom community forum
Originally, this cyberattack on UnitedHealth subsidiary Change Healthcare was reported as a minor event affecting a few pharmacies in Michigan's Thumb region. It is actually far more extensive and is now crippling pharmacies across the nation:
https://www.healthcaredive.com/news/change-cyberattack-unitedhealth-nation-state/708328/
UnitedHealth suspects ‘nation-state’ behind Change cyberattack
Pharmacies and providers nationwide are struggling to process prescriptions following the attack.
Dive Brief:
- UnitedHealth suspects a “nation-state” is behind the cyberattack on its revenue cycle management subsidiary Change Healthcare, the healthcare conglomerate said in a filing with the Securities and Exchange Commission on Thursday.
- Change reported disruptions to its applications on Wednesday before taking its systems offline, citing an “outside threat.” The company handles 15 billion payment transactions each year, and is one of the largest commercial prescription processors in the U.S.
- Pharmacies and other providers nationwide — including military facilities — have reported struggles processing prescriptions as a result of the outage. On Thursday, the American Hospital Association urged hospitals to disconnect from Optum, the UnitedHealth division that includes Change, and check their systems following the attack.
Dive Insight:
Hackers associated with nation-states are to blame for some of the most disruptive cyberattacks in the U.S., including in the healthcare industry.
A series of cyberattacks starting in 2014 against health insurer Anthem, now called Elevance, led to the largest U.S. health data breach in history, exposing the information of almost 79 million people. A cyber group affiliated with China was behind the attack, according to the U.S. government.
Nation-state adversaries including China, Russia, North Korea and Iran pose an “elevated threat” to national security, according to the Cybersecurity and Infrastructure Security Agency.
Attacks from nation-states are aimed at prolonged network intrusion, allowing for espionage, data theft and system disruption, according to CISA.
As geopolitical unrest increases, including from Russia’s invasion of Ukraine and the Israel-Hamas war, so does the threat of cyberattacks in an industry where operational downtime can cause steep financial losses and contribute to worsening patient health, experts say.
UnitedHealth did not identify the country it believes is behind Change attack. When asked for more information, a spokesperson for the company shared Change’s original statement from Wednesday.
It’s hard to determine which nation-state could be behind the attack without knowing more, according to Deron Grzetich, head of cybersecurity at consultancy West Monroe. But the perpetrator likely wasn’t North Korea, which uses ransomware in most of its attacks to gather funds for the country, Grzetich said in an interview.
The cyberattack is isolated to Change, and UnitedHealth’s other operations are unaffected, according to the company.
Change, one of UnitedHealth’s numerous subsidiaries, is one of the largest health technology companies in the U.S., providing payment, clinical and patient engagement services for health insurers, providers and pharmacies.
One in three patient records in the U.S. are “touched by our clinical connectivity solutions,” according to Change’s website.
The company provides technology services for more than 67,000 pharmacies. After Change took down its systems, many pharmacies have been unable to verify patients’ insurance coverage, determine copayment amounts or perform other operations necessary to process prescriptions.
Military healthcare program Tricare says on its website that military clinics and hospitals will be providing prescriptions manually until the cyberattack is resolved.
Other pharmacies that have said they’re having difficulty or are unable to process prescriptions include Scheurer Health in Michigan; 22nd Medical Group in Kansas; and Knight’s Pharmacy in Kentucky.
“Due to the sector wide presence and the concentration of mission critical services provided by Optum, the reported interruption could have significant cascading and disruptive effects on revenue cycle, certain health care technologies and clinical authorizations provided by Optum across the health care sector,” the AHA said in a Thursday notice to its members.
UnitedHealth is working to restore systems and resume normal operations “as soon as possible, but cannot estimate the duration or extent of the disruption at this time,” the SEC filing says.
As of Friday morning, many of Change’s log-in systems were still down.
West Monroe’s Grzetich said it’s interesting that a nation-state is behind the attack, given an unclear motivation for wanting to disrupt U.S. pharmacy functions. The country could be after data to help its intelligence operations, he said.
Change, which UnitedHealth acquired for $13 billion in 2022, is the latest victim of cybercriminals targeting the healthcare sector.
Cyberattacks against healthcare organizations have been mounting, with recent high-profile attacks against Lurie Children’s Hospital in Chicago and Ardent Health Services, a multistate hospital operator. Experts say healthcare organizations may be more vulnerable to cyberattacks than organizations in other industries, due to decades of underfunding of cybersecurity protocols.
This hack is becoming a really big story as it continues to disrupt pharmacies:
UnitedHealth hackers say they stole 'millions' of records, then delete statement
By Raphael Satter - February 28, 2024WASHINGTON, Feb 28 (Reuters) - In a message posted to, and then quickly deleted from their darknet site, the hackers blamed for striking the UnitedHealth Group said on Wednesday they stole millions of sensitive records, including medical insurance and health data, from the company.
In its claim of responsibility, the group known as "Blackcat" or "ALPHV" posted a statement to its site saying it had stolen 8 terabytes of data from UnitedHealth, according to screenshots of the posting shared online by cybersecurity researchers.
UnitedHealth, whose Change Healthcare unit was at the center of the breach, said it was aware of the statement and was "looking into it."Blackcat said it stole data from partners including Medicare, the U.S. military medical health agency Tricare, CVS Health (CVS.N), opens new tab and other companies.
The claim was swiftly removed without explanation. Reuters attempts to reach the hackers have been so far unsuccessful and the news agency had no immediate way to verify the claims, which weren't backed up with any data or screenshots.
The Centers for Medicare and Medicaid Services did not immediately return a message seeking comment. Tricare, which has said all of its military pharmacies were impacted by the hack, also did not immediately return a message seeking comment.In a statement, CVS said it was aware of the hackers' statement but that, "at this time, Change Healthcare has not confirmed whether any CVS Health member or patient information that it holds, including CVS Caremark information, was impacted by this incident."
Brett Callow, a threat analyst with cybersecurity firm Emsisoft, said there could be several reasons why the hackers would make an inflamatory statement and then delete it.
One possibility was that the hackers had entered ransom negotiations with UnitedHealth, or that the talks had entered a new phase. It was also possible the hackers were trying to gin up attention in a bid to force the healthcare company to come to the negotiating table. Or maybe the hackers just thought the better of it and "decided they didn't want so much attention at this particular point in time."
Blackcat has a history of disruptive hacks, including attacks on MGM Resorts International and Caesars Entertainment that snarled operations at hotels and casinos last year.
UnitedHealth now blames a Russian cybergang known as Black Cat, or AlphV, for the attack, but the FBI supposedly dismantled this gang in December. Someone is lying:
https://www.npr.org/2024/03/01/1235255804/pharmacies-ransomware-prescriptions-unitedhealth
Health care company ties Russian-linked cybercriminals to prescriptions breach
By Jenna McLaughlin - March 1, 2024A ransomware attack is disrupting pharmacies and hospitals nationwide, leaving patients with problems filling prescriptions or seeking medical treatment.
On Thursday, UnitedHealth Group accused a notorious ransomware gang known as Black Cat, or AlphV, of hacking health care payment systems across the country.
Last week, the top health insurance company disclosed that its subsidiary, Optum, was impacted by a "cybersecurity issue," leading to its digital health care payment platform, known as Change Healthcare, being knocked offline.
As a result, hospitals, pharmacies and other health care providers have either been unable to access the popular payment platform, or have purposefully shut off connections to its network to prevent the hackers from gaining further access.
UnitedHealth says that as of Monday it estimated that more than 90% of 70,000 pharmacies in the U.S. have had to change how they process electronic claims as a result of the outage.
While the company has set up a website to track the ongoing outage, reassuring customers that there are "workarounds" to ensure access to medications, the outage could last "weeks," according to a UnitedHealth executive who spoke on a conference call with cybersecurity officers, a recording of which was obtained by STAT News.
After hiring multiple outside firms, including top cybersecurity companies Mandiant and Palo Alto Networks, UnitedHealth released its conclusion that BlackCat, or AlphV, is behind the breach, a conclusion bolstered by the group itself originally claiming credit on its dark web leak site. The post has since been taken down.
"Hacked the hackers"
However, the fact that the ransomware gang may be responsible is also something of a twist.
Just a few months ago, the FBI broke into the groups' internal servers, stealing information about decryption tools for victims and seizing control of several of its websites. The U.S. government celebrated the disruption, a major operation with multiple foreign governments involved. "In disrupting the Black Cat ransomware group, the Justice Department has once again hacked the hackers," said Deputy Attorney General Lisa Monaco in a news release.
Black Cat's seeming ability to regroup and breach one of the largest health care entities in the U.S. demonstrates how challenging it is to hamper these groups long-term.
Cybercriminals frequently reassemble after experiencing setbacks, particularly when their operators are located in countries whose law enforcement agencies are lax about prosecuting their crimes.
That's especially true in Russia. While researchers have not definitively tied BlackCat to Russia or its government, they've concluded it is a Russian-speaking group. U.S. intelligence officials have spoken frequently about the Russian government's willingness to turn a blind eye to cybercrime, in exchange for the hackers' service in intelligence operations. That has been especially true during the war in Ukraine.
In addition to the health care breach, Black Cat also recently claimed to have stolen classified documents and sensitive personal data about Department of Defense employees from U.S. federal contractors.
WIRED reports more from this story's cyber shadows - lawbreakers, law enforcement, and legal data collectors.
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment
The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.The ransomware attack targeting medical firm Change Healthcare has been one of the most disruptive in years, crippling pharmacies across the US—including those in hospitals—and leading to serious snags in the delivery of prescription drugs nationwide for 10 days and counting. Now, a dispute within the criminal underground has revealed a new development in that unfolding debacle: One of the partners of the hackers behind the attack points out that those hackers, a group known as AlphV or BlackCat, received a $22 million transaction that looks very much like a large ransom payment.
On March 1, a Bitcoin address connected to AlphV received 350 bitcoins in a single transaction, or close to $22 million based on exchange rates at the time. Then, two days later, someone describing themselves as an affiliate of AlphV—one of the hackers who work with the group to penetrate victim networks—posted to the cybercriminal underground forum RAMP that AlphV had cheated them out of their share of the Change Healthcare ransom, pointing to the https://www.blockchain.com/explorer/addresses/btc/14Q5xgBHAkWxDVrnHautcm4PPGmy5cfw6b" }">publicly visible $22 million transaction on Bitcoin's blockchain as proof.
A spokesperson for Change Healthcare, which is owned by UnitedHealth Group, declined to answer whether it had paid a ransom to AlphV, telling WIRED only that “we are focused on the investigation right now.”
Both Recorded Future and TRM Labs, a blockchain analysis firm, connect the Bitcoin address that received the $22 million payment to the AlphV hackers. TRM Labs says it can link the address to payments from two other AlphV victims in January.
If Change Healthcare did pay a $22 million ransom, it would not only represent a huge payday for AlphV, but also a dangerous precedent for the health care industry, argues Brett Callow, a ransomware-focused researcher with security firm Emsisoft. Every ransomware payment, he says, both funds future attacks by the group responsible and suggests to other ransomware predators that they should try the same playbook—in this case, attacking health care services that patients depend on.
“If Change did pay, it's problematic,” says Callow. “It highlights the profitability of attacks on the health care sector. Ransomware gangs are nothing if not predictable: If they find a particular sector to be lucrative, they’ll attack it over and over again, rinse and repeat.”
The self-described AlphV affiliate who first posted evidence of the payment on RAMP, and who goes by the name “notchy,” complained that AlphV had apparently collected the $22 million ransom from Change Healthcare and then kept the entire sum, rather than share the profits with their hacking partner as they had allegedly agreed. “Be careful everyone and stop deal with ALPHV," notchy wrote.
That affiliate hacker also wrote that in their penetration of Change Healthcare's network, they had accessed the data of numerous other health care firms partnered with the company. If that claim is accurate, Recorded Future's Smilyanets points out, it creates the additional risk that the affiliate hacker still possesses sensitive medical information. Even if Change Healthcare did pay AlphV, the hacker affiliate could still demand additional payment or leak the data independently.“The affiliates still have this data, and they’re mad they didn’t receive this money,” says Smilyanets. “It’s a good lesson for everyone. You cannot trust criminals; their word is worth nothing.”
As ransomware payments go, $22 million would represent a remarkably profitable score for AlphV. Only a relatively small number of ransoms in the history of ransomware, such as the $40 million payment made by the financial firm CNA to the hackers known as Evil Corp, have been so large, says Emsisoft's Callow. “It’s not without precedent, but it’s certainly very unusual,” he says.
Regardless of whether Change Healthcare is confirmed to have paid that ransom, the attack shows that AlphV has pulled off a disturbing comeback: In December, it was the target of an FBI operation that seized its dark web sites and released decryption keys that foiled its attacks on hundreds of victims. Just two months later, it carried out the cyberattack that paralyzed Change Healthcare, triggering an outage whose effects on pharmacies and their patients have now stretched well beyond a week. As of last Tuesday, AlphV listed 28 companies on the dark web site it uses to extort its victims, not including Change Healthcare.
That site has now gone offline. As of Tuesday morning, it displayed what appeared to be a law enforcement seizure notice, but security researcher Fabian Wosar points out that the notice https://twitter.com/fwosar" }">seems to have been copied from AlphV's last takedown. The reason for the group's disappearance—whether due to another law enforcement operation or AlphV's attempts to dodge its own cheated affiliates—is unclear. Ransomware trackers say AlphV has disappeared and rebranded several times before. Earlier incarnations under the name BlackCat, BlackMatter, and Darkside were all more or less the same group, security researchers note.
In fact, the hackers working under that Darkside handle were responsible for the 2021 Colonial Pipeline ransomware attack that triggered the shutdown of gas transportation across the Eastern Seaboard of the US and resulted in a brief fuel shortage in some East Coast cities. In that case, too, the victims paid the hackers' ransom. “It was the hardest decision I've made,” Colonial's CEO Joseph Blount later told a US congressional hearing.
Now, it seems, some of the same hackers may have forced yet another company to make that same hard decision.
Update 3/4/2024, 1:50 pm EST: Included additional contextual details about AlphV and related ransomware attacks.
Updated 3/5/2024, 10:30 am EST to note that AlphV's dark web site now displays what appears to be a law enforcement takedown message.
https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/
Andy Greenberg is a senior writer for WIRED, covering hacking, cybersecurity and surveillance. He’s the author of the new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. His last book was Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books and excerpts from them published in WIRED have won awards including two Gerald Loeb Awards for distinguished business and financial reporting, a Sigma Delta Chi Award from the Society of Professional Journalists and the Cornelius Ryan Citation for Excellence from the Overseas Press Club. Greenberg works in WIRED's New York office.
The Change Healthcare hack has become very expensive. Who pays for it?
UnitedHealth says advanced over $2 bln in payments to providersBy Bhanvi Satija and Sriparna Roy in Bengaluru; March 18, 2024
(Reuters) - UnitedHealth Group (UNH.N) said on Monday it has advanced payments of over $2 billion so far to provide assistance to healthcare providers, financially affected following a cybersecurity attack on its technology unit, Change Healthcare.
The company said it will start releasing its medical claims software on Monday and it will become available to "thousands of customers" over the next several days.
Change Healthcare, which was hit by a cyberattack on Feb. 21, is a vital lynchpin in the system for making and clearing insurance claims as it processes about 50% of medical claims in the United States for around 900,000 physicians, 33,000 pharmacies, 5,500 hospitals and 600 laboratories.
UnitedHealth last week restored its payments processing and pharmacy network services after days of disruption following the cyberattack.
The company said on Monday it will continue restoration of remaining services until all customers have been connected.
UnitedHealth said it has suspended paperwork required to get approval for insurance coverage for most outpatient services, as well as review of inpatient admissions for government-backed Medicare Advantage plans to help those impacted.
What a mess.
Morning Brew gave this synopsis one week ago:
Quote: “We’re hemorrhaging money.”
Thousands of smaller medical practices, like one outside Philly managed by Catherine Reinheimer, are still unable to process insurance payments more than two weeks after a cyberattack disrupted the computer networks of Change Healthcare, the largest billing and payment clearinghouse in the US, CNN reported. Change is part of UnitedHealth Group, which says it is still weeks away from restoring the system that remits payments to providers, some of whom have been forced to take out loans to stay afloat. Experts say the US healthcare system is losing $100 million each day from the disruption.
One month after the attack, Change Healthcare brings their AWS account back on line:
Change Healthcare restores Amazon cloud services after cyberattack
By Giles Bruce - March 21, 2024Change Healthcare said it has reinstated Amazon cloud services for two of its platforms a month into a cyberattack against the company.
The UnitedHealth Group and Optum subsidiary said March 20 it restored Amazon Web Services from backups for Assurance, a claims and remittance management program, and claims clearinghouse Relay Exchange. Change said it rebuilt authentication services for the solutions on a new network with the help of cybersecurity firms Palo Alto Networks and Mandiant, a Google subsidiary. The company said it is also testing the security of the external-facing parts of those applications.
Change took IT systems offline Feb. 21 after experiencing a ransomware attack, disrupting payment and pharmacy services for hospitals, health systems and healthcare organizations across the country. The company has since been incrementally restoring its applications. Cybersecurity experts have told Becker's that cyberattacks of this magnitude can last at least a month.
"We have taken every precaution and safety measure and implemented several rounds of security protocols — both internally and with our third-party partners — to ensure complete confidence in the platform," Change said March 20. "As we've stated, our Optum, UnitedHealthcare and UnitedHealth Group systems remain safe and were not affected by this issue. We regularly scan those environments and continue to validate they were not impacted. Anything currently functioning means we have full confidence in it."
This has to be the most costly cyberattack in healthcare history.
Many lawsuits are now being filed against UnitedHealth Group in the largest healthcare cyberattack to date, but the pain continues for patients who use their services:
Drug delays, skyrocketing prices an ongoing effect of massive cyberattack
By Justin P. Hicks | March 22, 2024Frustrated patients in Michigan and around the country have had to pay out of pocket for medicine for chronic diseases and other illnesses or go without in the fallout from a cyberattack of a major health care company.
The tech company, Change Healthcare, has restored access to many of its systems in the weeks since the Feb. 21 attack announcement. However, some services remained down as of Thursday, March 21, including the system that processes discount/savings cards to bring down drug prices for patients.
Brian Feinman is one such patient.
The 53-year-old former nurse from Grass Lake typically pays $25 per month for his Type 2 diabetes medication, thanks to a savings card program offered by Ozempic manufacturer Novo Nordisk.
But in the aftermath of the cyberattack against Tennessee-based Change Healthcare, Feinman has had to choose between paying $953 for his weekly Ozempic injections or going without.
“I went to fill my prescription in February, and they told me they couldn’t run my card,” Feinman told MLive. “I’ve missed two doses now. It’s definitely going to affect both my A1C (blood sugar level) and my weight loss.”
On Feb. 21, Change Healthcare announced it had been the target of a cyberattack. To protect its partners and patients, the company said it took immediate action to disconnect its systems.
The event had negative effects on pharmacies and health care providers that rely on those systems for things like claims transactions and processing, patient access and financial clearance, and provider payments.
The American Hospital Association called the cyberattack “the most significant and consequential incident of its kind against the U.S. health care system.” President and CEO Rick Pollack said the attack made it harder for hospitals to provide patient care, fill prescriptions, submit insurance claims, and receive payment for services.
Corewell Health, one of the state’s largest health systems, said Wednesday, March 20, that it remained disconnected from some of Change Healthcare’s services. However, functions like e-prescribing and most claims have resumed, reducing the impact on patients.
Local pharmacists said for a while they couldn’t verify what a customer’s insurance would cover for their medication, or how much of a copay was necessary at the transaction point. Patients had the option of paying out of pocket and pursuing reimbursement later, if they could afford the up-front cost.
“Michigan Pharmacists Association is aware of reports that the Change Healthcare outage continues to present a challenge to Michigan pharmacies and their patients,” said Mark Glasper, the association’s CEO.
“Systems used to identify patient insurance and coordinate coverage of prescriptions are, in some locations, still non-operational or inconsistently usable. It’s also important to understand these issues are not pharmacy driven, rather originating from a third-party institution. Michigan pharmacy personnel continue to work within their power to provide medications at affordable costs through all methods still at their disposal.”
While some system functions have been restored, others were still being worked on as of Thursday. Change Healthcare said it had begun testing and reestablishing connectivity to its claims network and software in a phased manner beginning the week of March 18.
“We continue to make significant progress in restoring the services impacted by this cyberattack,” said Andrew Witty, CEO of UnitedHealth Group, in a prepared statement. “We know this has been an enormous challenge for health care providers and we encourage any in need to contact us.”
One area that was still a major issue as of Wednesday was the system for processing copay coupon and discount cards like the one Feinman uses for his Ozempic.
Feinman said he’s been trying daily for at least four weeks to secure another pen using his card. He’s visited his local CVS Pharmacy and calling corporate channels for both CVS and Change Healthcare in search for answers, but to no avail.
“CVS basically says try every day to see if they can run the card,” he said. “The reps at CVS feel bad but there’s nothing they can do. They say I can pay it and mail my receipt for reimbursement, but I don’t have almost $1,000 for just one pen.”
When asked about the issue, a spokesperson for CVS provided a statement that read: “We are aware of Change Healthcare’s restoration timeline and their ongoing efforts to reestablish connectivity to its systems. Our business continuity plans remain in place to mitigate any disruptions, and we remain committed to ensuring ongoing access to care for our patients and members. We are monitoring the situation and will update our plans as necessary.”
Feinman had been on Ozempic for about 4 months. For the first month or so, he had to go through some uncomfortable side effects like nausea, diarrhea and abdominal pain.
Since then however, he said he’s felt good. He’s lost 30 pounds, and his A1C went from about 8% to 5.3%, “which is fantastic for me.” A normal A1C level is below 5.7%, while a level over 6.5% indicates diabetes.
Having to skip doses has Feinman concerned that he’ll see that progress fade and have to go through the side effects again when he finally does get back on track.
“I know I’m not the only one with this major issue,” he said.
I featured Direct Primary Care (DPC) in the MHF blog a few years ago because it's one of the great innovations of modern healthcare.
Since then, DPC docs have started their own blog. Here, one of them sounds off on the tsunami effect of this cyper attack on their fellow clinicians.
Note the particular greatness of the DPC model in this context: it grants immunity to third-party cyber attacks.
https://dpcnews.com/opinion/dpc-says-keep-the-change-we-dont-need-it/
The healthcare headlines have been dominated these past few weeks with the cyber attack on United Healthcare’s clearinghouse, Change Healthcare. Unfortunately, the national headlines have not been giving this massive story the attention it deserves.
If you’re a DPC doc, this cyber attack probably hasn’t affected you much. However, if you’re still in the fee-for-service world, especially as a small private practice, this could be your death knell.
If you’re not up to speed, Change Healthcare was the target of a massive cyber attack. This attack has halted their ability to process claims. Therefore, they have not paid out their daily average of $4.1 billion to the physicians and other healthcare providers, such as pharmacies in hospitals, in nearly 3 weeks.
Despite not paying their contracted providers, they are still collecting insurance premiums. Let that sink in.
Now, cyber attacks are our new reality. As a small business, we may someday be the victim of a cyber attack. However, what enrages me about this situation is the lack of support and empathy that UHC is offering to the healthcare providers who make their business possible.
They are offering a meager $4000 loan (LOAN!) to some offices that submit monthly claims as high as $500,000. Statements reassuring providers that they will be made whole are nowhere to be found.
It has gotten so bad, in fact, that Medicare is stepping in to help support provider offices that have been devastated by this lack of payment. Our tax dollars are now back at work to clean up the mess that is being fueled by corporate greed.
UHC has the money, they’re clearly still accepting premiums. UHC also has historical data of how much they pay these practices month over month. At a minimum, I would expect that they would float these practices their average monthly payment to ensure no disruption to patient care until they can resolve this issue.
As a DPC physician, I am largely untouched by this issue, since we don’t rely on third-party billing. However, my heart bleeds for my colleagues who are dependent on a system that continues to fail them.
If this is what Change in healthcare looks like, you can keep the Change. I will stick with direct primary care.
And... the US State Department weighs in.
How do we know this won't benefit the hackers??
Rewards for Justice – Reward Offer for Information on ALPHV BlackCat-linked Cyber Actors Targeting U.S. Critical Infrastructure
The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).The ALPHV BlackCat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide, deploying ransomware on the targeted systems, disabling security features within the victim’s network, stealing sensitive confidential information, demanding payment to restore access, and threatening to publicize the stolen data if victims do not pay a ransom.
The group’s ransomware, also known as ALPHV BlackCat, was first deployed in November 2021.
ALPHV BlackCat operated as a ransomware-as-a-service business model in which the group’s members developed and maintained the ransomware variant and then recruited affiliates to deploy the ransomware. ALPHV BlackCat and its affiliates then shared any paid ransoms.
More information about this reward offer is located on the Rewards for Justice website at https://rewardsforjustice.net/english/malicious_cyber_activity.html . We encourage anyone with information on ALPHV BlackCat actors, their affiliates, activities, or links to a foreign government to contact Rewards for Justice via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).
Since its inception in 1984, RFJ has paid in excess of $250 million to more than 125 people across the globe who provided actionable information that helped resolve threats to U.S. national security. Follow us on Twitter at https://twitter.com/RFJ_USA .
https://www.upi.com/Top_News/US/2024/04/23/UnitedHealth-Group-cyberattack-blackcat/3951713899108/
UnitedHealth Group: Patient data compromised despite paying ransomware
UnitedHealth Group officials on Monday announced a February cyberattack compromised an unknown number of Change Healthcare customers despite paying a ransom. Photo by Justin Lane/EPA-EFE
April 23 (UPI) -- Officials for Minnesota-based UnitedHealth Group on Monday said the health insurance and services provider paid a ransom to protect patients' data, but many personal files were breached in a recent cyberattack.
Cyber criminals targeted subsidiary Change Healthcare in February, and UnitedHealth Group paid an undisclosed ransom amount, corporate officials announced in a news release Monday.
The cyberattack compromised the personal healthcare data of many Americans, NBC News and TechCrunch reported.
"We know this attack has caused concern and been disruptive for consumers and providers," UnitedHealth Group CEO Andrew Witty said. "We are committed to doing everything possible to help and provide support to anyone who may need it."
Witty said it will take several months for UnitedHealth Group to continually analyze the data breach to identify those whose personal data was compromised and notify them.
The analysis includes monitoring the dark web and Internet to see if anyone's breached data was published. It also is utilizing information from 22 screenshots of alleged personal health and identity information that were published for about a week on the dark web by a "malicious actor," UnitedHealth Group officials said.
Corporate officials are communicating with law enforcement while undertaking the extended analysis to determine the full extent of data breached by the cyberattack.
UnitedHealth Group officials said the corporation "has made continued strong progress restoring services impacted by the event" and "prioritized the restoration of services that impact patient access to care or medication."
Medical claims processing and pharmacy services are nearly at normal levels, and payment processing for Change Healthcare is at about 86% of its normal levels and improving daily, UnitedHealth Group officials said.
The healthcare provider in February identified the BlackCat ransomware gang as the perpetrators of the cyberattack.
Investigators with the Department of Health and Human Services in March began investigating the cyberattack.
It's an incredibly huge mess.
I'm starting a new thread in the Federal section about Congressional hearings.
Much worse than we were told. UnitedHealth paid at least two ransoms to these thieves:
UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach
January 24, 2025UnitedHealth has confirmed the ransomware attack on its Change Healthcare unit last February affected around 190 million people in America — nearly double previous estimates.
The U.S. health insurance giant confirmed the latest number to TechCrunch on Friday after the markets closed.
“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” said Tyler Mason, a spokesperson for UnitedHealth Group in an email to TechCrunch. “The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.”
UnitedHealth’s spokesperson said the company was “not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis.”
The February 2024 cyberattack is the largest breach of medical data in U.S. history and caused months of outages across the U.S. healthcare system. Change Healthcare, a health tech giant and UnitedHealth subsidiary, is one of the largest handlers of health, medical data, and patient records; it’s also one of the biggest processors of healthcare claims in the United States.
The data breach resulted in the theft of massive quantities of health and insurance-related information, some of which was published online by the hackers who claimed responsibility for the breach. Change Healthcare subsequently paid at least two ransoms to prevent further publication of the stolen files.
UnitedHealth previously put the number of affected individuals at around 100 million people when the company filed its preliminary analysis with the Office for Civil Rights, the unit under the U.S. Department of Health and Human Services that investigates data breaches.
In its data breach notice, Change Healthcare said that the cybercriminals stole names and addresses, dates of birth, phone numbers, email addresses, and government identity documents, which included Social Security numbers, driver’s license numbers, and passport numbers. The stolen health data also includes diagnoses, medications, test results, imaging, and care and treatment plans, as well as health insurance information. Change said the data also includes financial and banking information found in patient claims.
The breach was attributed to the ALPHV ransomware gang, a prolific Russian language cybercrime group. According to testimony by UnitedHealth Group’s CEO Andrew Witty to lawmakers last year, the hackers broke into Change’s systems using a stolen account credential, which was not protected with multi-factor authentication.
Get MHF Insights
News and tips for your healthcare freedom.
We never spam you. One-step unsubscribe.
Sponsors
J & DE Family Charitable Fund
Friends
of MHF
Kelly Grotendiek
Philip Harbach
Dale Johnson
Drs. Jeffrey and Joni Jones
Vickie Kahle
Tammy Kipen
Marlin & Kathy Klumpp
Melanie Kurdys
Ruth Nobel
Patrick Peterson
Stephanie Poortenga
Jeanne Smit
Ben and Hope Staal
John Tuinstra
Jacki VanHuis
Sandy Walker
Sign Up for MHF Insights to keep up on the latest in Michigan Health Policy
