UnitedHealth says Blackcat is the reason healthcare providers are going unpaid

Health insurance provider UnitedHealth has identified Blackcat as the group behind a debilitating cyber attack that has disrupted healthcare providers nationwide, Reuters is reporting. The attack has led to more than a week-long outage of the the United-owned Change Healthcare system, disrupting payments at hospitals, clinics, and pharmacies across the nation.

Since Change Healthcare acts as a middleman between healthcare providers and insurance companies, the breach has hindered everyday transactions like electronic pharmacy refills and new insurance claims. The company first identified suspicious activity on its IT systems on February 21st, according to an SEC filing.

The breach could last for weeks, UnitedHealth Group Chief Operating Officer Dirk McMahon told STAT. The insurance company is setting up a loan program for healthcare providers in the meantime.

In a joint cybersecurity advisory, federal agencies including CISA and the FBI warned that Blackcat is now intentionally targeting the healthcare system. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized,” the agencies wrote.

The US government has even offered a combined $15 million reward for any actionable intelligence on the group’s whereabouts. An attempt by the FBI to seize Blackcat’s servers and sites last year seemingly failed —the group quickly regained control.

In a darknet message that was later deleted on Wednesday, Blackcat also claimed it stole millions of patient records, including sensitive medical and insurance data in the UnitedHealth breach, Reuters reported. The group also admitted, in the same message, to stealing data from Medicare, the military medical agency Tricare, and even CVS Health. No further details were provided about the timing of these breaches, and the message was reportedly deleted without explanation. Reuters was unable to reach the hackers or verify any of their claims.

Even the theft of sensitive records from UnitedHealth alone could impact millions of people. Change Healthcare handles nearly 1 in 3 patient records in the US, the American Hospital Association told HHS Secretary Xavier Becerra in a letter sent on Monday. “Any prolonged disruption of Change Healthcare’s systems will negatively impact many hospitals’ ability to offer the full set of health care services to their communities,” wrote AHA president Richard J. Pollack.

UnitedHealth is currently working with Google-owned Mandiant and cybersecurity software vendor Palo Alto Networks, CNBC reports. The company hasn’t indicated whether it plans to pay the ransom.