Security News > 2024 > February > ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack

The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group, causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US. ALPHV/BlackCat is back.

3000+ source code files for Change Healthcare solutions.

Optum has updated its security notice yesterday, stating that they are still working on restoring the impacted Change Healthcare systems, and assuring that Optum, UnitedHealthcare and UHG systems have not been affected.

On Tuesday, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Health and Human Services have published a joint cybersecurity advisory about the ALPHV/BlackCat group, noting their recent special focus on targeting US healthcare organizations.

"Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the agencies said, and speculated that it's a consequence of ALPHV/BlackCat administrator's post encouraging its affiliates to target hospitals after the December 2023 takedown.

After moving the victims' data on their Mega.nz or Dropbox accounts, they proceed to deploy the ransomware and encrypt the data.

News URL

https://www.helpnetsecurity.com/2024/02/29/alphv-blackcat-change-healthcare/