US Pharmacy Outage Triggered by ‘Blackcat’ Ransomware at UnitedHealth Unit, Sources Say
12:44 JST, February 27, 2024
WASHINGTON (Reuters) – Hackers working for the ‘Blackcat’ ransomware gang are behind the outage at UnitedHealth’s UNH.N technology unit that has snarled prescription deliveries for six days, two people familiar with the matter told Reuters on Monday.
The problems began last week after hackers gained access to Change Healthcare’s information technology systems and has led to disruptions at pharmacies across the United States.
Change Healthcare and UnitedHealth did not immediately respond to requests for comment. Blackcat, also known as “ALPHV,” did not immediately respond when asked whether it was responsible.
Alphabet’s GOOGL.O cybersecurity unit Mandiant is handling the investigation into the breach, the two people said. In a statement, Mandiant confirmed it “has been engaged in support of the incident response” but declined to comment further.
Blackcat is one of the most notorious of the internet’s many ransomware gangs – groups of cybercriminals who encrypt data to hold it hostage with the aim of securing massive payouts. It has previous struck major businesses including MGM Resorts International MGM.N and Caesars Entertainment CZR.O.
In December, Blackcat was the subject of a takedown by U.S.-led international law enforcement, which seized several websites used by the group as well as hundreds of digital keys used to decrypt victims’ data.
The hackers had threatened to retaliate by extorting critical infrastructure providers and hospitals.
CISA, the U.S. cyber watchdog agency, and the FBI also did not immediately respond to emails seeking comment.
One expert said the news suggested that digital disruptions, while important, could not be counted on to knock ransomware groups out for good.
“It’s inevitable that if you have a group that’s making millions of bucks, they are going to attempt to make a comeback,” said Brett Callow, a threat analyst at the cybersecurity firm Emsisoft.
The allegation that Blackcat was behind the hack at Change Healthcare also raised questions about parent company UnitedHealth’s previous claim that it had been targeted by a “suspected nation-state associated cybersecurity threat actor.”
“I am not aware of any links between ALPHV and a nation state,” Callow said. “As far as I am aware they are financially motivated cybercriminals and nothing more.”
Reuters has not been able to gauge the full extent of the disruption.
A number of pharmacy chains, including CVS Health CVS.N and Walgreens WBA.O, have said the outage had knock-on effects on their businesses.
The American Pharmacists Association (APhA) said on Friday many pharmacies across the nation could not transmit insurance claims for their patients following the hack.
It said pharmacies were reporting “significant backlogs of prescriptions,” which they were unable to process.
"News Services" POPULAR ARTICLE
-
Israel Strikes Suspected Chemical Weapons Sites and Long-range Rockets in Syria
-
Japan’s Nikkei Stock Average Ends Higher in Choppy Trade (UPDATE 1)
-
Japan’s Nikkei Stock Average Slips on Firmer Yen amid BOJ Rate Hike Bets; Logs Worst Month since April (Update 1)
-
South Korea Ex-Defense Minister Accused of Role in Martial Law Tries to Commit Suicide, Official Says
-
Japan’s Nikkei Stock Average Ends Lower as Traders Book Profits, Assess US Data (Update 1)
JN ACCESS RANKING
- Core Inflation in Tokyo Accelerates in November
- China to Test Mine for Rare Metals Off Japan Island; Japan Lagging in Technologies Needed for Extraction
- Record 320 School Staff Punished for Sex Offenses in Japan
- Miho Nakayama, Japanese Actress and Singer, Found Dead at Her Tokyo Residence; She was 54 (UPDATE 1)
- Immerse Yourself in Snoopy’s World Ahead of Comic Strip’s 75th Anniversary Next Year; Renovated, Refreshed Museum Features Original, Reproduced Comic Strips, Vintage Merchandise