UPDATE – April 16, 2024
It appears that the ransomware hacker group, ALPHV/Blackcat, that allegedly received Change Healthcare’s payment of a $22 million did not share the payout with a second hacking group that still has the data, reports KARE. The second group, known as RansomHub, recently threatened to release the stolen date or sell it to the highest bidder unless it also receives a ransom.
And then on Monday, the second group started publicize the data, such as screenshots that include data-sharing agreements between Change Healthcare and insurance providers, including CVS Caremark, Health Net, and Loomis, reports Bleeping Computer.
UPDATE – MARCH 20, 2024:
UnitedHealth Group says it is making progress in addressing the massive ransomware attack its subsidiary, Change Healthcare, experienced last month. Over the next several days, Change Healthcare will release medical claims preparation software to thousands of its customers, according to a statement from UnitedHealth. Additionally, it has restored its electronic payments platform and 99% of its pharmacy network services.
The company says it has also developed “multiple workarounds to ensure provider claims are addressed and people have access to the medications and care they need,” including a Temporary Funding Assistance Program.
UPDATE – MARCH 7, 2024:
The U.S. Department of Health and Human Services (HHS) released a statement Tuesday regarding the recent cyberattack on Change Healthcare. The statement comes following multiple requests from industry groups urging HHS to offer guidance and enforcement to healthcare organizations as the ransomware attack continues to impact providers.
HHS said the Centers for Medicare & Medicaid Services (CMS) will take the lead on the response and acknowledged the concerns of providers who are experiencing issues with cash flow as they remain unable to submit claims. CMS will issue guidance encouraging Medicare Advantage and Part D plans to relax utilization management requirements and to offer advance funding to providers who may be most impacted by ongoing outages, Fierce Healthcare reports.
HHS said providers in the Medicare program should reach out to a Medicare Administrative Contractor (MAC) if they need to switch to a new clearinghouse during the disruption. CMS contacted all MACs to ensure that they are prepared to accept an influx of paper claims.
The agency also said that MACs would make information available later this week on accelerated payments for providers and encouraged them to take advantage of these offerings from private payers and the federal government.
CMS is also encouraging other payers to waive or expedite solutions, including state Medicaid and Children’s Health Insurance Program (CHIP) agencies.
“This incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity resiliency across the ecosystem,” HHS wrote. “The system and the American people can ill afford further disruptions in care.”
ORIGINAL ARTICLE – MARCH 5, 2024
Change Healthcare, a technology company owned by UnitedHealth that processes insurance claims and other critical hospital functions experienced a ransomware attack on February 21 that has continued to cause major disruptions to the nation’s medical payments infrastructure.
For more than a week and a half, the attack has threatened the security of patient data and is delaying many prescriptions at pharmacies and in hospitals around the country, as well as some healthcare worker paychecks, reports the Associated Press. Pharmacies such as CVS, Walgreens, Publix, and Good RX all have reported some disruption resulting from the attack, reports the Tennessean.
The ransomware attack against Change Healthcare is the most serious incident of its kind leveled against a healthcare organization in the U.S., according to the American Hospital Association (AHA). The company says it processes about 15 billion healthcare transactions every year and touches one in every three patient records.
One cybersecurity expert says some healthcare providers are losing more than $100 million per day due to the outage, reports CNN.
According to the AHA: “The staggering loss of revenue means that some hospitals and health systems may be unable to pay salaries for clinicians and other members of the care team, acquire necessary medicines and supplies, and pay for mission critical contract work in areas such as physical security, dietary and environmental services. In addition, replacing previously electronic processes with manual processes has often proved ineffective and is adding considerable administrative costs on providers, as well as diverting team members from other tasks.”
In response to the attack, Change Healthcare immediately isolated and disconnected the impacted systems, reports NBC News. UnitedHealth also stood up a “Temporary Funding Assistance Program” for hospitals affected by the breach, but according to the AHA, the funds “will not come close to meeting the needs of our members as they struggle to meet the financial demands of payroll, supplies and bond covenant requirements, among others.”
It is also believed that Change Healthcare has paid off the hackers. The group responsible for the attack is known as AlphV or BlackCat, reports Wired. The group received 350 bitcoins in a single transaction or nearly $22 million as a ransom payment. If Change Healthcare did pay the ransom, it would set a dangerous precedent by encouraging more cyberattacks. The payment also runs counter to the FBI’s instructions not to pay hackers.
Additionally, an affiliate hacker has indicated that they’ve accessed the data of many other healthcare firms that have partnered with Change Healthcare. If true, the hacker could demand more payments or leak the information it has accessed, reports Wired.
In response to the ransomware attack, the AHA sent a letter to Congress requesting a “whole government response.” Read the letter.