Cyberattack at Change Healthcare causes major outages

WASHINGTON, UNITED STATES — Ransomware has disrupted operations at Change Healthcare, with the medical firm still navigating through the cyberattack by keeping its systems offline.

The cyberattack at Change Healthcare commenced on February 21, early on the U.S. East Coast. It caused outages at pharmacies and healthcare facilities. To get rid of the hackers, Change Healthcare took its systems offline.

“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online…The disruption is expected to last at least through the day. We will provide updates as more information becomes available,” Change Healthcare said in a statement on Feb 26.

According to Reuters, the ransomware gang BlackCat is behind the attack. The group encrypts data and holds it hostage in exchange for lucrative payouts. 

BlackCat, also referred to as ALPHV, has not yet publicly claimed responsibility for the cyberattack.

The gang has attacked major businesses, including MGM Resorts International and Caesars Entertainment. 

In December 2023, U.S. officials seized extortion websites associated with the ALPHV, as well as hundreds of digital keys used to decrypt victim data. BlackCat had threatened to retaliate by attacking critical infrastructure providers and hospitals.

It’s not yet known if Change Healthcare patient data was stolen in the ransomware attack.

Change Healthcare handles prescriptions and billing for more than 67,000 pharmacies across the U.S. healthcare system. It processes 15 billion healthcare transactions annually.

Change Healthcare merged with healthcare provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group.