UnitedHealth suffered a significant ransomware attack in which its subsidiary, Change Healthcare, was compromised. The attack disrupted pharmacy operations, causing chaos and a desperate need to get prescriptions filled. UnitedHealth ultimately paid $22 million in bitcoin to the ALPHV/BlackCat gang to restore services quickly.
Source: https://www.theregister.com/2025/06/06/ransomware_negotiation/
TPRM report: https://scoringcyber.rankiteo.com/company/unitedhealth-group
"id": "uni721060625",
"linkid": "unitedhealth-group",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'name': ['Colonial Pipeline',
                                 'UnitedHealth',
                                 'Change Healthcare',
                                 'PowerSchool'],
                        'type': 'Organization'}],
 'description': 'Computer screens all over your org are flashing up a warning '
                "that you've been infected by ransomware, or you've got a "
                "message that someone's been stealing information from your "
                "server. There's a growing market of firms that advise "
                'extortion victims on how to handle the situation, but that '
                'just adds another invoice to the injury, and some still '
                'prefer to go it alone. In the end, while a few companies do '
                'ignore ransom demands outright, all at least assess their '
                'options before deciding whether to negotiate, restore from '
                'backups, or pay up.',
 'motivation': 'Financial Gain',
 'ransomware': {'ransom_paid': ['$22 million in bitcoin'],
                'ransomware_strain': ['ALPHV/BlackCat', 'LockBit']},
 'response': {'remediation_measures': ['Wipe systems clean',
                                       'Restore from backups',
                                       'Thoroughly check for remaining '
                                       'threats'],
              'third_party_assistance': True},
 'threat_actor': ['ALPHV/BlackCat gang', 'LockBit'],
 'title': 'Ransomware Incident Analysis',
 'type': 'Ransomware'}