US Pharmacy Outage Caused by ‘Blackcat’ Ransomware at UnitedHealth Unit


Hackers affiliated with the ‘Blackcat’ ransomware group are responsible for the outage at UnitedHealth’s technology business, which has disrupted prescription deliveries for six days.

The difficulties began last week after hackers gained access to Change Healthcare’s information technology systems, causing disruptions at pharmacies across the United States.

Change Healthcare and UnitedHealth did not immediately return requests for comment when asked if they were responsible. Blackcat, also known as “ALPHV,” did not immediately respond.

Mandiant, Alphabet’s cybersecurity subsidiary, is leading the probe into the hack, according to the two people. In a statement, Mandiant said that it “has been engaged in support of the incident response” but declined to go further.

Blackcat is one of the most well-known ransomware gangs on the internet. Such gangs are organizations of hackers who encrypt data in order to demand large sums of money. Blackcat has previously attacked prominent companies such as MGM Resorts International and Caesars Entertainment.

In December, US-led international law enforcement took down Blackcat, seizing multiple websites used by the gang as well as hundreds of cryptographic keys used to decrypt victims’ data.

The hackers threatened to extort critical infrastructure providers and hospitals in retaliation.

CISA, the US cyber watchdog body, and the FBI did not immediately respond to emails seeking comment.

According to one analyst, the news suggests that, while digital disruptions are vital, they cannot be relied upon to permanently eliminate ransomware gangs.

“It’s unavoidable that if you have a group making millions of dollars, they will try to make a comeback,” said Brett Callow, a threat analyst with the cybersecurity firm Emsisoft.

The assertion that Blackcat was behind the Change Healthcare attack called into question parent firm UnitedHealth’s prior claim that it had been targeted by a “suspected nation-state-associated cybersecurity threat actor.”

“I am not aware of any links between ALPHV and a nation-state,” Callow said. “As far as I am aware, they are financially motivated cybercriminals and nothing more.”

A number of pharmacy chains, including CVS Health and Walgreens, have indicated the disruption had an impact on their operations.

The American Pharmacists Association (APhA) reported on Friday that numerous pharmacies across the country were unable to transmit insurance claims for their patients due to the attack.

It stated that pharmacies were experiencing “significant backlogs of prescriptions,” which they were unable to handle.

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.