• Home
  • cyber
  • UnitedHealth Group and Change Healthcare: KARE 11
cyber Ransomware

UnitedHealth Group and Change Healthcare: KARE 11

Apr 14, 2026 2 min read
UnitedHealth Group and Change Healthcare: KARE 11

Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data

A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has caused widespread disruptions across the U.S. healthcare system, impacting pharmacies, hospitals, and patients nationwide. The incident, first detected on February 21, 2024, forced the company to take its systems offline, halting critical services such as prescription processing, insurance claims, and payment systems.

The attack has been attributed to the BlackCat/ALPHV ransomware group, which reportedly exploited vulnerabilities in Change Healthcare’s IT infrastructure. While UHG has not confirmed whether a ransom was paid, the group claimed responsibility and later removed its dark web post, a tactic often associated with negotiations or payment. The breach exposed sensitive patient data, though the full extent of the compromise remains under investigation.

The fallout has been severe, with pharmacies reporting delays in filling prescriptions, healthcare providers struggling to process claims, and patients facing difficulties accessing medications. Some hospitals have resorted to manual workarounds, while others have temporarily diverted services to alternative systems. The American Hospital Association (AHA) has urged federal agencies to provide emergency funding and support to mitigate the crisis.

As of March 2024, Change Healthcare has begun restoring services, but full recovery is expected to take weeks. The incident underscores the growing threat of ransomware to critical infrastructure, particularly in the healthcare sector, where operational disruptions can have life-threatening consequences. Regulatory bodies, including the HHS Office for Civil Rights (OCR), are monitoring the situation for potential HIPAA violations.

Source: https://www.kare11.com/article/news/local/breaking-the-news/spring-lake-park-schools-closed-ransomware/89-bf477868-222a-49a7-9a4c-cf2c19b33e94

UnitedHealth Group cybersecurity rating report: https://www.rankiteo.com/company/unitedhealth-group

Change Healthcare cybersecurity rating report: https://www.rankiteo.com/company/change-healthcare

"id": "UNICHA1776140687",
"linkid": "unitedhealth-group, change-healthcare",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Pharmacies, hospitals, patients '
                                              'nationwide',
                        'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'Change Healthcare',
                        'type': 'Healthcare Technology/Subsidiary'},
                       {'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'UnitedHealth Group (UHG)',
                        'type': 'Parent Company'}],
 'data_breach': {'personally_identifiable_information': 'Likely (patient data)',
                 'sensitivity_of_data': 'High (sensitive patient data)',
                 'type_of_data_compromised': 'Patient data'},
 'date_detected': '2024-02-21',
 'description': 'A ransomware attack on Change Healthcare, a key subsidiary of '
                'UnitedHealth Group (UHG), caused widespread disruptions '
                'across the U.S. healthcare system, impacting pharmacies, '
                'hospitals, and patients nationwide. The incident forced the '
                'company to take its systems offline, halting critical '
                'services such as prescription processing, insurance claims, '
                'and payment systems. The breach exposed sensitive patient '
                'data, though the full extent remains under investigation.',
 'impact': {'data_compromised': 'Sensitive patient data',
            'downtime': 'Weeks (ongoing as of March 2024)',
            'operational_impact': 'Widespread disruptions in pharmacies, '
                                  'hospitals, and patient services; manual '
                                  'workarounds required; service diversions',
            'systems_affected': ['Prescription processing',
                                 'Insurance claims',
                                 'Payment systems']},
 'investigation_status': 'Ongoing',
 'ransomware': {'ransomware_strain': 'BlackCat/ALPHV'},
 'references': [{'source': 'American Hospital Association (AHA)'},
                {'source': 'HHS Office for Civil Rights (OCR)'}],
 'regulatory_compliance': {'regulations_violated': 'Potential HIPAA violations',
                           'regulatory_notifications': 'HHS Office for Civil '
                                                       'Rights (OCR) '
                                                       'monitoring'},
 'response': {'containment_measures': 'Systems taken offline',
              'remediation_measures': 'Restoring services (ongoing as of March '
                                      '2024)'},
 'stakeholder_advisories': 'American Hospital Association (AHA) urged federal '
                           'agencies for emergency funding and support',
 'threat_actor': 'BlackCat/ALPHV',
 'title': 'Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare '
          'Network',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Vulnerabilities in Change Healthcare’s IT '
                            'infrastructure'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.