Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has caused widespread disruption across the U.S. healthcare system, impacting pharmacies, hospitals, and patients nationwide. The incident, first detected on February 21, 2024, forced the company to take its systems offline, halting critical services such as prescription processing, insurance claims, and payment systems.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and later allegedly received a $22 million ransom payment, one of the largest known in healthcare. Despite the payment, the group reportedly withheld decryption keys, leaving Change Healthcare to rebuild affected systems independently. The breach exposed sensitive patient data, including medical records, billing information, and personal identifiers, though the full extent of the compromise remains under investigation.
The fallout has been severe: pharmacies faced delays in filling prescriptions, healthcare providers struggled with billing disruptions, and patients encountered difficulties accessing medications. The American Hospital Association (AHA) warned of "catastrophic" financial strain on hospitals, some of which reported cash-flow crises due to unprocessed claims. The U.S. Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) are coordinating with law enforcement to assess the breach’s scope and mitigate further risks.
Change Healthcare has since restored many services, but the incident underscores the growing threat of ransomware to critical infrastructure, particularly in healthcare, where operational disruptions can have life-threatening consequences. The attack also raises concerns about the BlackCat group’s tactics, including double-extortion schemes and targeting high-value victims for maximum leverage. Investigations into the breach’s origins and potential regulatory penalties are ongoing.
Change Healthcare cybersecurity rating report: https://www.rankiteo.com/company/change-healthcare
UnitedHealth Group cybersecurity rating report: https://www.rankiteo.com/company/unitedhealth-group
"id": "CHAUNI1776205836",
"linkid": "change-healthcare, unitedhealth-group",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Pharmacies, hospitals, patients '
'nationwide',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Change Healthcare',
'type': 'Subsidiary'},
{'industry': 'Healthcare',
'location': 'United States',
'name': 'UnitedHealth Group (UHG)',
'type': 'Parent Company'}],
'data_breach': {'data_encryption': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Medical records',
'Billing information',
'Personal identifiers']},
'date_detected': '2024-02-21',
'description': 'A ransomware attack on Change Healthcare, a key subsidiary of '
'UnitedHealth Group (UHG), has caused widespread disruption '
'across the U.S. healthcare system, impacting pharmacies, '
'hospitals, and patients nationwide. The incident forced the '
'company to take its systems offline, halting critical '
'services such as prescription processing, insurance claims, '
'and payment systems. The breach exposed sensitive patient '
'data, including medical records, billing information, and '
'personal identifiers.',
'impact': {'brand_reputation_impact': 'Severe',
'data_compromised': 'Sensitive patient data, including medical '
'records, billing information, and personal '
'identifiers',
'identity_theft_risk': 'High',
'operational_impact': 'Widespread disruption across U.S. '
'healthcare system; pharmacies faced delays '
'in filling prescriptions; healthcare '
'providers struggled with billing '
'disruptions; patients encountered '
'difficulties accessing medications',
'payment_information_risk': 'High',
'systems_affected': 'Prescription processing, insurance claims, '
'payment systems'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The incident underscores the growing threat of ransomware '
'to critical infrastructure, particularly in healthcare, '
'where operational disruptions can have life-threatening '
'consequences. It also highlights the risks of '
'double-extortion schemes and targeting high-value victims '
'for maximum leverage.',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Alleged (double-extortion scheme)',
'ransom_paid': '$22 million',
'ransomware_strain': 'BlackCat/ALPHV'},
'references': [{'source': 'American Hospital Association (AHA)'},
{'source': 'Cybersecurity and Infrastructure Security Agency '
'(CISA)'}],
'regulatory_compliance': {'regulatory_notifications': 'U.S. Department of '
'Health and Human '
'Services (HHS), '
'Cybersecurity and '
'Infrastructure '
'Security Agency '
'(CISA)'},
'response': {'containment_measures': 'Systems taken offline',
'law_enforcement_notified': 'U.S. Department of Health and Human '
'Services (HHS), Cybersecurity and '
'Infrastructure Security Agency '
'(CISA)',
'recovery_measures': 'Restoration of services',
'remediation_measures': 'Rebuilding affected systems'},
'threat_actor': 'BlackCat/ALPHV',
'title': 'Cyberattack Disrupts Major U.S. Healthcare Network, Exposing '
'Patient Data',
'type': 'Ransomware'}