Blackcat Takes Credit for Change Healthcare Data Breach while Anti-trust Investigation Begins 

01 Mar, 2024 F.J. Thomas


Sarasota, FL ( – Late last week, Change Healthcare, which is owned by healthcare conglomerates Optum and UnitedHealth Group, announced that some of their applications were unavailable due to "enterprise-wide connectivity issues". Throughout the course of multiple updates about the the interruption, Optum stated they had a “high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue”.

While information reported by Change Healthcare regarding the incident was minimal, the disclosure form submitted on Feb. 22 by UnitedHealth to the U.S. Securities and Exchange Commission identified a “suspected nation-state associated cyber security threat actor” as the culprit for their connectivity issues. 

According to yesterday’s Bleeping Computer report, Blackcat ransomware group, also known as ALPHV or Noberus, has taken responsibility for the Change Healthcare data hack. Announced on the dark web, the group has claimed to have stolen 6TB of data related to "thousands of healthcare providers, insurance providers, pharmacies, etc."

Blackcat claims to have gained access to medical records, payment information, and claims information, all of which allegedly contained personally identifiable information (PII) such as phone numbers, social security numbers, email addresses, and more. Active U.S. Military and Navy personnel were allegedly included in the patients impacted. 

The group stated that they had obtained source code for Change Healthcare, as well as sensitive information for associated vendors including CVS Caremark, Metlife, Health Net, Federal Medicare, and Tricare which is the U.S. Military healthcare program. 

What is interesting about this is that in December, the U.S. Justice Department announced that they had infiltrated Blackcat and hacked their website, essentially “hacking the hacker”. An FBI undercover informant was hired by Blackcat after the group had posted on a public forum requesting applicants. On Dec. 11, a search warrant was issued for a residence in Ft. Lauderdale, Florida. Earlier this week, CISA issued an update to a 2022 advisory adding that Blackcat affiliates have been specifically targeting healthcare. 

More than 70,000 pharmacies in the U.S. utilize Change Healthcare for payment. Additionally, UnitedHealth has over 440,000 employees, and works with over 1.6 million healthcare providers, and over 8,000 facilities. To add another twist, according to a Becker’s report earlier this week, the Justice Department has initiated an antitrust investigation into UnitedHealth about its relationship between its insurance unit and health-services arm. 

  • AI artificial intelligence california case management case management focus claims cms compensability compliance courts covid do you know the rule exclusive remedy florida FMLA glossary check health care Healthcare iowa leadership medical medicare minnesota NCCI new jersey new york ohio osha pennsylvania Safety state info technology tennessee texas violence virginia WDYT west virginia what do you think women's history month workers' comp 101 workers' recovery workers' compensation contact information Workplace Safety Workplace Violence

  • Read Also

    About The Author

    • F.J. Thomas

      F.J. Thomas has worked in healthcare business for more than fifteen years in Tennessee. Her experience as a contract appeals analyst has given her an intimate grasp of the inner workings of both the provider and insurance world. Knowing first hand that the industry is constantly changing, she strives to find resources and information you can use.

    Read More

    Request a Demo

    To request a free demo of one of our products, please fill in this form. Our sales team will get back to you shortly.