Security News > 2024 > February > ALPHV/BlackCat claims responsibility for Change Healthcare attack

The ALPHV/BlackCat cybercrime gang has taken credit - if that's the word - for a ransomware infection at Change Healthcare that has disrupted thousands of pharmacies and hospitals across the US, and also claimed that the amount of sensitive data stolen and affected health-care organizations is much larger than the victims initially disclosed.

UnitedHealth owns the healthcare IT provider, and more than 70,000 pharmacies across the USA use its software to process insurance claims and fill prescriptions.

On Wednesday, the ransomware gang listed Change Healthcare on its leak site and claimed to have stolen massive amounts of data belonging to health insurers, medical providers, and pharmacies including Medicare and Tricare, CVS-CareMark, Health Net, Metlife and Teachers Health Trust.

"Anyone with some decent critical thinking will understand what damage can be done with such intimate data on the affected clients," the criminals threatened, adding that the stolen files number in the "Millions" and concern the personal data of active US military members and other patents, medical and dental records, payment information, insurance claims, and more than 3,000 source code files.

On Tuesday the FBI, US Cybersecurity and Infrastructure Security Agency and US Department of Health and Human Services warned hospitals and healthcare facilities that ALPHV is gunning for them.

While it's unknown how ALPHV gained initial access to Change Healthcare's systems, there has been speculation that it broke in via critical ConnectWise bugs, which are said to be "Embarrassingly easy" to exploit.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/29/alphv_change_healthcare/