Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group, has caused widespread disruption across the U.S. healthcare system, impacting pharmacies, hospitals, and insurance providers. The incident, first detected on February 21, 2024, forced the company to disconnect critical systems to contain the breach, leading to delays in prescription processing, billing, and claims submissions nationwide.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and allegedly exfiltrated 6 terabytes of sensitive data, including patient records, insurance details, and financial information. While UnitedHealth Group has not confirmed whether a ransom was paid, the group’s dark web leak site previously listed Change Healthcare as a victim before the listing was removed, suggesting possible negotiations.
The fallout has been severe, with some healthcare providers reporting cash flow disruptions due to halted payments, while patients faced difficulties accessing medications. The American Hospital Association (AHA) and U.S. Department of Health and Human Services (HHS) have issued alerts, urging providers to implement contingency plans. Investigations by cybersecurity firms and federal agencies, including the FBI and CISA, are ongoing to assess the full scope of the breach and its implications for healthcare cybersecurity.
This incident underscores the growing threat of ransomware to critical infrastructure, particularly in sectors reliant on interconnected digital systems. The attack’s ripple effects continue to strain an already overburdened healthcare system, raising concerns about long-term vulnerabilities in patient data protection.
Source: https://www.chosun.com/english/industry-en/2026/01/22/ZBFCQGR75ZD75HEY4GH75N4BBU/
UnitedHealth Group cybersecurity rating report: https://www.rankiteo.com/company/unitedhealth-group
Change Healthcare cybersecurity rating report: https://www.rankiteo.com/company/change-healthcare
{
  "id": "UNICHA1769088935",
  "linkid": "unitedhealth-group, change-healthcare",
  "type": "Ransomware",
  "date": "2/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}