Change Healthcare attack that disrupted prescriptions blamed on BlackCat ransomware


Last week’s cyberattack against US health tech giant Change Healthcare may yet turn out to be ransomware after all.

The company recently posted a short announcement on its status update website, saying some applications were unavailable due to a “cyber security issue”. 

The incident forced parts of the company’s infrastructure offline, and some login pages were unavailable, leaving some users unable to access their prescriptions.

Major campaign

TechCrunch has now disclosed that the attack was indeed ransomware, undertaken by none other than ALPHV (BlackCat), according to a “healthcare executive with knowledge of the incident, who was on the call briefed by the company’s executives.”

Reuters also linked BlackCat to the incident. The ransomware group hasn’t added Change Healthcare to its data leak site just yet, which could mean two things: either it wasn’t behind the attack, or it’s still negotiating a potential ransom payout with the victim. Usually, hackers steal sensitive data during ransomware attacks and threaten to release it online unless a payment is made.

Given that Change Healthcare is a major US prescription medication processor, there is a good chance that data belonging to millions of customers was stolen. There is no confirmation that any data was stolen, however, and Change Healthcare has yet to comment on the news.

The disruption is affecting more than just Change. Citing Michigan local papers, TechCrunch reported local pharmacies were experiencing outages. 

Scheurer Health announced on Facebook that it wasn’t able to process prescriptions through patient insurance due to the “nationwide outage from the largest prescription processor in North America.”

Change Healthcare claims to handle 15 billion healthcare transactions annually, which would place it firmly among the largest health tech firms in the country.

Next to LockBit and Cl0p, BlackCat is one of the biggest and most dangerous ransomware operators out there. 


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.