Blackcat Takes Credit for Change Healthcare Data Breach while Anti-trust Investigation Begins 

Sarasota, FL (WorkersCompensation.com) – Late last week, Change Healthcare, which is owned by healthcare conglomerates Optum and UnitedHealth Group, announced that some of their applications were unavailable due to "enterprise-wide connectivity issues". Throughout the course of multiple updates about the the interruption, Optum stated they had a “high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue”.

While information reported by Change Healthcare regarding the incident was minimal, the disclosure form submitted on Feb. 22 by UnitedHealth to the U.S. Securities and Exchange Commission identified a “suspected nation-state associated cyber security threat actor” as the culprit for their connectivity issues. 

According to yesterday’s Bleeping Computer report, Blackcat ransomware group, also known as ALPHV or Noberus, has taken responsibility for the Change Healthcare data hack. Announced on the dark web, the group has claimed to have stolen 6TB of data related to "thousands of healthcare providers, insurance providers, pharmacies, etc."

Blackcat claims to have gained access to medical records, payment information, and claims information, all of which allegedly contained personally identifiable information (PII) such as phone numbers, social security numbers, email addresses, and more. Active U.S. Military and Navy personnel were allegedly included in the patients impacted. 

The group stated that they had obtained source code for Change Healthcare, as well as sensitive information for associated vendors including CVS Caremark, Metlife, Health Net, Federal Medicare, and Tricare which is the U.S. Military healthcare program. 

What is interesting about this is that in December, the U.S. Justice Department announced that they had infiltrated Blackcat and hacked their website, essentially “hacking the hacker”. An FBI undercover informant was hired by Blackcat after the group had posted on a public forum requesting applicants. On Dec. 11, a search warrant was issued for a residence in Ft. Lauderdale, Florida. Earlier this week, CISA issued an update to a 2022 advisory adding that Blackcat affiliates have been specifically targeting healthcare. 

More than 70,000 pharmacies in the U.S. utilize Change Healthcare for payment. Additionally, UnitedHealth has over 440,000 employees, and works with over 1.6 million healthcare providers, and over 8,000 facilities. To add another twist, according to a Becker’s report earlier this week, the Justice Department has initiated an antitrust investigation into UnitedHealth about its relationship between its insurance unit and health-services arm. 

Share This Article: