US Pharmacy Outage Triggered by ‘Blackcat’ Ransomware at UnitedHealth Unit, Sources Say
12:44 JST, February 27, 2024
WASHINGTON (Reuters) – Hackers working for the ‘Blackcat’ ransomware gang are behind the outage at UnitedHealth’s UNH.N technology unit that has snarled prescription deliveries for six days, two people familiar with the matter told Reuters on Monday.
The problems began last week after hackers gained access to Change Healthcare’s information technology systems and has led to disruptions at pharmacies across the United States.
Change Healthcare and UnitedHealth did not immediately respond to requests for comment. Blackcat, also known as “ALPHV,” did not immediately respond when asked whether it was responsible.
Alphabet’s GOOGL.O cybersecurity unit Mandiant is handling the investigation into the breach, the two people said. In a statement, Mandiant confirmed it “has been engaged in support of the incident response” but declined to comment further.
Blackcat is one of the most notorious of the internet’s many ransomware gangs – groups of cybercriminals who encrypt data to hold it hostage with the aim of securing massive payouts. It has previous struck major businesses including MGM Resorts International MGM.N and Caesars Entertainment CZR.O.
In December, Blackcat was the subject of a takedown by U.S.-led international law enforcement, which seized several websites used by the group as well as hundreds of digital keys used to decrypt victims’ data.
The hackers had threatened to retaliate by extorting critical infrastructure providers and hospitals.
CISA, the U.S. cyber watchdog agency, and the FBI also did not immediately respond to emails seeking comment.
One expert said the news suggested that digital disruptions, while important, could not be counted on to knock ransomware groups out for good.
“It’s inevitable that if you have a group that’s making millions of bucks, they are going to attempt to make a comeback,” said Brett Callow, a threat analyst at the cybersecurity firm Emsisoft.
The allegation that Blackcat was behind the hack at Change Healthcare also raised questions about parent company UnitedHealth’s previous claim that it had been targeted by a “suspected nation-state associated cybersecurity threat actor.”
“I am not aware of any links between ALPHV and a nation state,” Callow said. “As far as I am aware they are financially motivated cybercriminals and nothing more.”
Reuters has not been able to gauge the full extent of the disruption.
A number of pharmacy chains, including CVS Health CVS.N and Walgreens WBA.O, have said the outage had knock-on effects on their businesses.
The American Pharmacists Association (APhA) said on Friday many pharmacies across the nation could not transmit insurance claims for their patients following the hack.
It said pharmacies were reporting “significant backlogs of prescriptions,” which they were unable to process.
"News Services" POPULAR ARTICLE
-
Christmas TV Movies Are in Their Taylor Swift Era, with Two Swift-inspired Films Airing This Year
-
Nissan Plans 9,000 Job Cuts, Slashes Annual Profit Outlook
-
Chinese Solar Firms Go Where US Tariffs Don’t Reach
-
Japan’s Nikkei Stock Average Ends Higher as Chip-Related Shares Track Nasdaq Gains (UPDATE 1)
-
Japan’s Nikkei Stock Average Posts Biggest Weekly Gains since September (Update 1)
JN ACCESS RANKING
- Japan Business Circle Calls for China Resuming Visa-Free Travel; Keizai Doyukai Visit to Country Marks 1st in 8 Years
- Streaming Services Boost Anime Popularity Overseas; Former ‘Geeky’ Interest More Beloved Among Gen Z than 3 Major U.S. Sports
- Malaysia Growing in Popularity as Destination for Studying Abroad; British-style Education Available at Low Cost
- ‘Women Over 30 Would Have Uteruses Removed’; Remarks of CPJ Leader, Novelist Naoki Hyakuta Get Wide Attention
- APEC Leaders Vow to Maintain Free Trade System