Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has caused widespread disruptions across the U.S. healthcare system, impacting pharmacies, hospitals, and insurance providers. The incident, first detected on February 21, 2024, forced the company to take its systems offline, halting critical services such as prescription processing, claims submissions, and payment transactions.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and later listed the stolen data on its dark web leak site. While UHG has not confirmed whether a ransom was paid, reports suggest the hackers may have received a $22 million payment, one of the largest known ransomware payouts to date. The breach exposed sensitive patient information, including medical records, billing details, and personal identifiers, though the full extent of the data compromise remains under investigation.
The outage has had cascading effects, with pharmacies reporting delays in filling prescriptions, healthcare providers struggling to verify insurance coverage, and patients facing challenges accessing medications. Some hospitals have resorted to manual workarounds, while others have temporarily diverted patients to alternative facilities. The American Hospital Association (AHA) and the U.S. Department of Health and Human Services (HHS) have issued alerts, urging organizations to monitor for potential fraud and reinforce cybersecurity measures.
Change Healthcare has since begun restoring services, with partial functionality returning in early March, but full recovery is expected to take weeks. The incident underscores the growing threat of ransomware to critical infrastructure, particularly in the healthcare sector, where operational disruptions can directly endanger patient care. Regulatory scrutiny is likely to follow, as lawmakers and industry groups assess the attack’s implications for data security and resilience in the healthcare ecosystem.
Change Healthcare cybersecurity rating report: https://www.rankiteo.com/company/change-healthcare
UnitedHealth Group cybersecurity rating report: https://www.rankiteo.com/company/unitedhealth-group
"id": "CHAUNI1770195897",
"linkid": "change-healthcare, unitedhealth-group",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Pharmacies, hospitals, '
'insurance providers, patients',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Change Healthcare',
'type': 'Healthcare technology subsidiary'},
{'industry': 'Healthcare',
'location': 'United States',
'name': 'UnitedHealth Group (UHG)',
'type': 'Parent company'}],
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes (listed on dark web leak site)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Medical records',
'Billing details',
'Personal identifiers']},
'date_detected': '2024-02-21',
'description': 'A ransomware attack on Change Healthcare, a key subsidiary of '
'UnitedHealth Group (UHG), has caused widespread disruptions '
'across the U.S. healthcare system, impacting pharmacies, '
'hospitals, and insurance providers. The incident forced the '
'company to take its systems offline, halting critical '
'services such as prescription processing, claims submissions, '
'and payment transactions. The breach exposed sensitive '
'patient information, including medical records, billing '
'details, and personal identifiers.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': 'Sensitive patient information, including '
'medical records, billing details, and '
'personal identifiers',
'downtime': 'Weeks (partial recovery in early March 2024)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Likely',
'operational_impact': 'Widespread disruptions across pharmacies, '
'hospitals, and insurance providers; manual '
'workarounds and patient diversions',
'payment_information_risk': 'High',
'systems_affected': 'Prescription processing, claims submissions, '
'payment transactions'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (listed on dark web '
'leak site)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Growing threat of ransomware to critical infrastructure, '
'particularly in healthcare; need for enhanced '
'cybersecurity measures and resilience.',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_paid': '$22 million (reported, not confirmed)',
'ransomware_strain': 'BlackCat/ALPHV'},
'recommendations': 'Monitor for potential fraud, reinforce cybersecurity '
'measures, assess data security and resilience in '
'healthcare ecosystem.',
'references': [{'source': 'American Hospital Association (AHA)'},
{'source': 'U.S. Department of Health and Human Services '
'(HHS)'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely)'],
'regulatory_notifications': 'Alerts issued by HHS'},
'response': {'communication_strategy': 'Alerts issued by American Hospital '
'Association (AHA) and U.S. Department '
'of Health and Human Services (HHS)',
'containment_measures': 'Systems taken offline',
'recovery_measures': 'Full recovery expected to take weeks',
'remediation_measures': 'Partial restoration of services'},
'stakeholder_advisories': 'Alerts issued by AHA and HHS urging organizations '
'to monitor for fraud and reinforce cybersecurity '
'measures.',
'threat_actor': 'BlackCat/ALPHV',
'title': 'Cyberattack Disrupts Major U.S. Healthcare Network, Exposing '
'Patient Data',
'type': 'Ransomware'}