UPDATE: Ransomware Group Leaks Change Healthcare Data

One cybersecurity expert estimates some healthcare providers are losing $100 million per day because of the Change Healthcare ransomware attack.

UPDATE – April 16, 2024

It appears that the ransomware hacker group, ALPHV/Blackcat, that allegedly received Change Healthcare’s payment of $22 million did not share the payout with a second hacking group that still has the data, reports KARE. The second group, known as RansomHub, recently threatened to release the stolen data or sell it to the highest bidder unless it also receives a ransom.

And then on Monday, the second group started to publicize the data, such as screenshots that include data-sharing agreements between Change Healthcare and insurance providers, including CVS Caremark, Health Net, and Loomis, reports Bleeping Computer.

UPDATE – MARCH 20, 2024:

UnitedHealth Group says it is making progress in addressing the massive ransomware attack its subsidiary, Change Healthcare, experienced last month. Over the next several days, Change Healthcare will release medical claims preparation software to thousands of its customers, according to a statement from UnitedHealth. Additionally, it has restored its electronic payments platform and 99% of its pharmacy network services.

The company says it has also developed “multiple workarounds to ensure provider claims are addressed and people have access to the medications and care they need,” including a Temporary Funding Assistance Program.

UPDATE – MARCH 7, 2024:

The U.S. Department of Health and Human Services (HHS) released a statement Tuesday regarding the recent cyberattack on Change Healthcare. The statement comes following multiple requests from industry groups urging HHS to offer guidance and enforcement to healthcare organizations as the ransomware attack continues to impact providers.

HHS said the Centers for Medicare & Medicaid Services (CMS) will take the lead on the response and acknowledged the concerns of providers who are experiencing issues with cash flow as they remain unable to submit claims. CMS will issue guidance encouraging Medicare Advantage and Part D plans to relax utilization management requirements and to offer advance funding to providers who may be most impacted by ongoing outages, Fierce Healthcare reports.

HHS said providers in the Medicare program should reach out to a Medicare Administrative Contractor (MAC) if they need to switch to a new clearinghouse during the disruption. CMS contacted all MACs to ensure that they are prepared to accept an influx of paper claims.

The agency also said that MACs would make information available later this week on accelerated payments for providers and encouraged them to take advantage of these offerings from private payers and the federal government.

CMS is also encouraging other payers to waive or expedite solutions, including state Medicaid and Children’s Health Insurance Program (CHIP) agencies.

“This incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity resiliency across the ecosystem,” HHS wrote. “The system and the American people can ill afford further disruptions in care.”


ORIGINAL ARTICLE – MARCH 5, 2024

Change Healthcare, a technology company owned by UnitedHealth that processes insurance claims and other critical hospital functions, experienced a ransomware attack on February 21 that has continued to cause major disruptions to the nation’s medical payments infrastructure.

For more than a week and a half, the attack has threatened the security of patient data and has delayed many prescriptions at pharmacies and in hospitals around the country, as well as some healthcare worker paychecks, reports the Associated Press. Pharmacies such as CVS, Walgreens, Publix, and GoodRx all have reported some disruption resulting from the attack, reports the Tennessean.

The ransomware attack against Change Healthcare is the most serious incident of its kind leveled against a healthcare organization in the U.S., according to the American Hospital Association (AHA). The company says it processes about 15 billion healthcare transactions every year and touches one in every three patient records.

One cybersecurity expert says some healthcare providers are losing more than $100 million per day due to the outage, reports CNN.

According to the AHA: “The staggering loss of revenue means that some hospitals and health systems may be unable to pay salaries for clinicians and other members of the care team, acquire necessary medicines and supplies, and pay for mission critical contract work in areas such as physical security, dietary and environmental services. In addition, replacing previously electronic processes with manual processes has often proved ineffective and is adding considerable administrative costs on providers, as well as diverting team members from other tasks.”

In response to the attack, Change Healthcare immediately isolated and disconnected the impacted systems, reports NBC News. UnitedHealth also stood up a “Temporary Funding Assistance Program” for hospitals affected by the breach, but according to the AHA, the funds “will not come close to meeting the needs of our members as they struggle to meet the financial demands of payroll, supplies and bond covenant requirements, among others.”

It is also believed that Change Healthcare has paid off the hackers. The group responsible for the attack is known as AlphV or BlackCat, reports Wired. The group received 350 bitcoins in a single transaction, or nearly $22 million, as a ransom payment. If Change Healthcare did pay the ransom, it would set a dangerous precedent by encouraging more cyberattacks. The payment also runs counter to the FBI’s instructions not to pay hackers.

Additionally, an affiliate hacker has indicated that they’ve accessed the data of many other healthcare firms that have partnered with Change Healthcare. If true, the hacker could demand more payments or leak the information it has accessed, reports Wired.

In response to the ransomware attack, the AHA sent a letter to Congress requesting a “whole government response.” Read the letter.

About the Author

Robin Hattersley

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.

One response to “UPDATE: Ransomware Group Leaks Change Healthcare Data”

  1. website blog says:

    Ransomware group leaks Change Healthcare data, sparking concerns over privacy and security. Stay vigilant and ensure your data protection measures are up to date.

    Thank you
