UnitedHealth Group and Change Healthcare: WNEP

Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data

A ransomware attack targeted Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), on February 21, 2024, crippling critical payment and claims processing systems across the U.S. healthcare sector. The incident, attributed to the BlackCat/ALPHV ransomware group, forced widespread disruptions in pharmacies, hospitals, and clinics, delaying prescriptions, billing, and insurance reimbursements.

The attack exploited vulnerabilities in Change Healthcare’s IT infrastructure, encrypting systems and exfiltrating sensitive data, including patient records and financial information. While UHG has not confirmed the full extent of the breach, reports suggest millions of individuals may be affected, with some data already surfacing on dark web forums.

In response, UHG isolated affected systems, engaged cybersecurity firms, and worked with law enforcement, including the FBI and CISA. The outage lasted over a week, with partial restoration beginning in early March, though lingering disruptions continued to strain healthcare providers. The incident underscores the growing threat of ransomware to critical infrastructure, particularly in sectors reliant on interconnected digital systems.

The fallout has prompted scrutiny of healthcare cybersecurity practices, with industry experts warning of potential long-term financial and operational consequences for providers already grappling with the attack’s aftermath.

Source: https://www.wnep.com/article/news/local/lycoming-county/lycoming-county-investigating-ransomware-attack-cyber-criminals-department-of-public-safety/523-ef5b7ba5-3741-45e4-84f3-57cd460ca43a

UnitedHealth Group cybersecurity rating report: https://www.rankiteo.com/company/unitedhealth-group

Change Healthcare cybersecurity rating report: https://www.rankiteo.com/company/change-healthcare

"id": "UNICHA1768835481",
"linkid": "unitedhealth-group, change-healthcare",
"type": "Cyber Attack",
"date": "2/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Millions of individuals',
                        'industry': 'Healthcare',
                        'location': 'U.S.',
                        'name': 'Change Healthcare',
                        'type': 'Subsidiary'},
                       {'industry': 'Healthcare',
                        'location': 'U.S.',
                        'name': 'UnitedHealth Group (UHG)',
                        'type': 'Parent Company'}],
 'attack_vector': 'Vulnerabilities in IT infrastructure',
 'data_breach': {'data_encryption': 'Yes',
                 'data_exfiltration': 'Yes',
                 'number_of_records_exposed': 'Millions',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Patient records',
                                              'Financial information']},
 'date_detected': '2024-02-21',
 'description': 'A ransomware attack targeted Change Healthcare, a key '
                'subsidiary of UnitedHealth Group (UHG), on February 21, 2024, '
                'crippling critical payment and claims processing systems '
                'across the U.S. healthcare sector. The incident forced '
                'widespread disruptions in pharmacies, hospitals, and clinics, '
                'delaying prescriptions, billing, and insurance '
                'reimbursements.',
 'impact': {'data_compromised': 'Patient records and financial information',
            'downtime': 'Over a week',
            'identity_theft_risk': 'High',
            'operational_impact': 'Delayed prescriptions, billing, and '
                                  'insurance reimbursements',
            'payment_information_risk': 'High',
            'systems_affected': 'Payment and claims processing systems'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'BlackCat/ALPHV'},
 'response': {'containment_measures': 'Isolated affected systems',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'FBI and CISA',
              'recovery_measures': 'Partial restoration beginning in early '
                                   'March',
              'third_party_assistance': 'Cybersecurity firms'},
 'threat_actor': 'BlackCat/ALPHV',
 'title': 'Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare '
          'Network',
 'type': 'Ransomware'}