A February 2024 ransomware attack on UnitedHealth-owned health tech company Change Healthcare stands as the biggest data breach of health and medical data in U.S. history.
Change Healthcare confirmed in January 2025 that its data breach affects roughly 190 million people in America, almost double the company’s earlier estimate.
The company said it has notified millions of individuals by mail that their personal and health information was stolen by cybercriminals, and published a separate public notice for anyone whose contact information couldn’t be found.
Change Healthcare processes billing and insurance for hundreds of thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector. As such, the company collects and stores vast amounts of highly sensitive medical data on patients in the United States. Following a series of corporate mergers and acquisitions, Change Healthcare became one of the largest processors of U.S. health data, handling as many as half of all U.S. health transactions.
Here’s what has happened since the ransomware attack began.
February 21, 2024
First report of outages as security incident emerges
It seemed like an ordinary Wednesday afternoon, until it wasn’t. The outage was sudden. On February 21, billing systems at doctors’ offices and healthcare practices stopped working, and insurance claims stopped processing. The status page on Change Healthcare’s website was flooded with outage notifications affecting every part of its business, and later that day the company confirmed it was “experiencing a network interruption related to a cyber security issue.” Clearly something had gone very wrong.
It seems that Change Healthcare invoked its security protocols and shut down its entire network to isolate intruders it found in its systems. That meant sudden and widespread outages across the healthcare sector, which relies on a handful of companies (like Change Healthcare) to handle healthcare insurance and billing claims for vast swathes of the United States. It was later determined that the hackers initially broke into the company’s systems over a week earlier, on or around February 12.
February 29, 2024
UnitedHealth confirms it was hit by ransomware gang
After initially (and incorrectly) attributing the intrusion to hackers working for a government or nation-state, UnitedHealth later said on February 29 that the cyberattack was in fact the work of a ransomware gang. UnitedHealth said the gang “represented itself to us as ALPHV/BlackCat,” a company spokesperson told TechCrunch at the time. A dark web leak site associated with the ALPHV/BlackCat gang also took credit for the attack, claiming to have stolen millions of Americans’ sensitive health and patient information, giving the first indication of how many individuals this incident had affected.
ALPHV (aka BlackCat) is a known Russian-speaking ransomware-as-a-service gang. Its affiliates (contractors who work for the gang) break into victim networks and deploy malware developed by ALPHV/BlackCat’s leaders, who take a cut of the profits from the ransoms collected from victims to get their data back.
Knowing that the breach was caused by a ransomware gang changed the equation of the attack from the kind of hacking that governments do (sometimes to send a message to another government instead of publishing millions of people’s private information) to a breach caused by financially motivated cybercriminals, who are likely to employ an entirely different playbook to get their payday.
March 3-5, 2024
UnitedHealth pays a ransom of $22 million to hackers, who then disappear
In early March, the ALPHV ransomware gang vanished. The gang’s leak site on the dark web, which weeks earlier took credit for the cyberattack, was replaced with a seizure notice claiming that U.K. and U.S. law enforcement took down the gang’s site. But both the FBI and…