2024 Change Healthcare ransomware attack

From WikiProjectMed
Jump to navigation Jump to search
2024 Change Healthcare ransomware attack
DateFebruary 21, 2024 – present
(2 months and 1 day)
TypeCyberattack
SuspectsBlackCat

On February 21, 2024, the American company Change Healthcare, a division of UnitedHealth Group, was affected by a ransomware attack.[1] The cyberattack shut down the largest healthcare payment system in the United States.[2]

Attack

On February 22, 2024, UnitedHealth Group filed a notice to the Securities and Exchange Commission stating that a "suspected nation-state associated cybersecurity threat actor" gained access to Change Healthcare's information technology system. Following UnitedHealth Group's initial filing, CVS Health, Walgreens, Publix, GoodRX, and BlueCross BlueShield of Montana reported disruptions in insurance claims.[3] The cyberattack affected family-owned pharmacies and military pharmacies, including Naval Hospital Camp Pendleton.[4] Healthcare company athenahealth was affected, according to Forbes.[5]

On February 29, 2024, UnitedHealth Group confirmed that the ransomware attack was "perpetrated by a cybercrime threat actor who...represented itself to [the company] as ALPHV/Blackcat." In the same update, the company stated that it was "working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Networks" to address the matter.[6]

On March 4, 2024, Reuters reported that a bitcoin payment equivalent to nearly $22 million USD was made to a cryptocurrency wallet "associated with ALPHV." UnitedHealth has not commented on the payment, instead stating that the organization was "focused on the investigation and the recovery." [1] On the same day, a Wired reported stated that the transaction looked "very much like a large ransom payment." [2]

Response

On March 1, 2024, UnitedHealth Group's Optum division launched a Temporary Funding Assistance Program to help bridge the gap in short-term cash flow needs for providers who received payments from payers that were processed by Change Healthcare.[7][8] The American Hospital Association (AHA) stated that the program was "not even a band-aid" on the payment problems identified by the company, citing its "onerous" terms and conditions including Optum's ability to recoup funds "immediately and without prior notification," and to "change the agreement simply by providing notice."[9]

On March 5, 2024, the U.S. Department of Health and Human Services announced flexibilities for hospitals impacted by the attack.[10] The American Hospital Association (AHA) was critical of these measures, stating that the proposed flexibilities were "not an adequate whole of government response."[11]

On March 12, 2024, UnitedHealth CEO Andrew Witty was summoned to a meeting by the Biden administration, during which HHS Secretary Xavier Becerra and White House domestic policy chief Neera Tanden urged Witty and other members of UHG leadership to increase the amount of funding available to providers who have been impacted by the protracted outage. Healthcare providers from across the sector were also in attendance and voiced their concerns about the ongoing financial and operational impacts of the Change cyberattack. [12][13]

References

  1. ^ "Health-care hack spreads pain across hospitals and doctors nationwide".
  2. ^ "Cyberattack Paralyzes the Largest U.S. Health Care Payment System". March 5, 2024.
  3. ^ Satter, Raphael; Roy, Sriparna (February 22, 2024). "Pharmacies across US disrupted following hack at Change Healthcare network". Reuters. Retrieved March 5, 2024.
  4. ^ Czachor, Emily (February 22, 2024). "Cybersecurity breach at UnitedHealth subsidiary causes Rx delays for some pharmacies". CBS News. Retrieved March 5, 2024.
  5. ^ Lyons, Jessica (February 22, 2024). "Cyberattack downs pharmacies across America". The Register. Retrieved March 5, 2024.
  6. ^ "Optum Solutions Status". status.changehealthcare.com. Retrieved 2024-03-08.
  7. ^ "UnitedHealth Group Update on Change Healthcare Cyberattack". www.unitedhealthgroup.com. Retrieved 2024-03-08.
  8. ^ "Temporary Funding Assistance". www.optum.com. Retrieved 2024-03-08.
  9. ^ "AHA Expresses Concerns with UHG Program in Response to Cyberattack on Change Healthcare | AHA". www.aha.org. 2024-03-06. Retrieved 2024-03-08.
  10. ^ Affairs (ASPA), Assistant Secretary for Public (2024-03-05). "HHS Statement Regarding the Cyberattack on Change Healthcare". www.hhs.gov. Retrieved 2024-03-08.
  11. ^ "HHS Announces Some Flexibilities for Hospitals Following Cyberattack on Change Healthcare | AHA". www.aha.org. 2024-03-06. Retrieved 2024-03-08.
  12. ^ Diamond, Dan (2024-03-12). "White House summons UnitedHealth CEO as payment paralysis enters 3rd week". Washington Post. ISSN 0190-8286. Retrieved 2024-03-12.
  13. ^ Lyngaas, Sean (2024-03-12). "Biden officials press health care giant to get emergency funding flowing to providers following cyberattack | CNN Business". CNN. Retrieved 2024-03-12.
Retrieved from "https://mdwiki.org/wiki/2024_Change_Healthcare_ransomware_attack"