Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group, has severely disrupted U.S. healthcare operations, causing widespread delays in prescription processing, insurance claims, and payment systems. The incident, detected on February 21, 2024, forced the company to take its systems offline, impacting pharmacies, hospitals, and clinics nationwide.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and allegedly stole 6 terabytes of sensitive data, including patient records, billing information, and personal details. While Change Healthcare has not confirmed the ransom demand, reports suggest the group sought $22 million in cryptocurrency.
The outage has left healthcare providers struggling to verify insurance coverage, process payments, and fill prescriptions, with some pharmacies resorting to manual workarounds. The American Hospital Association (AHA) described the disruption as "the most significant cyberattack on the U.S. healthcare system in history," urging federal intervention.
UnitedHealth Group has engaged cybersecurity firms to investigate and restore services, though full recovery remains uncertain. The incident underscores the growing threat of ransomware to critical infrastructure, with regulators and lawmakers scrutinizing healthcare cybersecurity vulnerabilities. No evidence has emerged that the stolen data has been publicly leaked yet.
Source: https://biz.chosun.com/en/en-industry/2026/01/22/L4M2SGNYPRDKJNFUBODHPEZIJY/
UnitedHealth Group cybersecurity rating report: https://www.rankiteo.com/company/unitedhealth-group
"id": "UNI1769031536",
"linkid": "unitedhealth-group",
"type": "Cyber Attack",
"date": "2/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Pharmacies, hospitals, clinics '
'nationwide',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Change Healthcare',
'type': 'Subsidiary'}],
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Patient records, billing '
'information, personal details'},
'date_detected': '2024-02-21',
'description': 'A ransomware attack on Change Healthcare, a key subsidiary of '
'UnitedHealth Group, has severely disrupted U.S. healthcare '
'operations, causing widespread delays in prescription '
'processing, insurance claims, and payment systems. The '
'incident forced the company to take its systems offline, '
'impacting pharmacies, hospitals, and clinics nationwide.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': '6 terabytes of sensitive data',
'identity_theft_risk': 'High',
'operational_impact': 'Widespread delays in healthcare operations, '
'manual workarounds required',
'payment_information_risk': 'High',
'systems_affected': 'Prescription processing, insurance claims, '
'payment systems'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_demanded': '$22 million',
'ransomware_strain': 'BlackCat/ALPHV'},
'references': [{'source': 'American Hospital Association (AHA)'}],
'response': {'containment_measures': 'Systems taken offline',
'recovery_measures': 'Ongoing, full recovery uncertain',
'third_party_assistance': 'Cybersecurity firms engaged'},
'stakeholder_advisories': 'Federal intervention urged',
'threat_actor': 'BlackCat/ALPHV',
'title': 'Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare '
'Network',
'type': 'Ransomware'}