Change Healthcare incident drags on as report pins it on ransomware group

Healthcare IT platform Change Healthcare continued Tuesday morning to push out a now-familiar alert about a “cyber security issue” that disrupted pharmacy services nationwide, as a news report said the incident was an attack by a ransomware gang.

As it has for several days on a security updates page, Change Healthcare’s parent company, Optum, says some services might remain disconnected as it continues to be “proactive and aggressive with all our systems.”

Reuters reported Monday that the Blackcat/AlphV ransomware group was responsible for the incident, and that Google’s cybersecurity unit, Mandiant, was involved in the response. The gang’s malware has been linked to attacks on multiple large targets worldwide, including MGM Resorts in 2023.

Nashville-based Change Healthcare first announced the disruption last week. Health insurance giant UnitedHealth Group, the parent company of Optum, initially said on February 21 in an 8-K filing with the Securities and Exchange Commission that “a suspected nation-state associated cyber security threat actor” carried out the attack.

Change Healthcare has been silent on the matter, other than repeating the daily alerts. U.S. federal agencies did not respond Tuesday morning to questions from Record Future News about the incident.

The American Hospital Association (AHA) and the nonprofit Health Information and Analysis Center (Health-ISAC) warned organizations on Monday to be careful about connections with Optum and Change Healthcare services. Pharmacies use Change’s network to verify customers’ insurance coverage.

“Ultimately, your organization should make its own determination on whether or not to block Optum specifically while considering all the risks and consequences of doing so,” Health-ISAC said in a bulletin to members.

After the incident came to light on February 22, patients publicly complained that they had trouble getting prescriptions filled without paying for them entirely out of pocket, and “pharmacies across the nation” were reporting significant backlogs, according to the American Pharmacists Association.

As of Tuesday morning, pharmacies and other healthcare operations were still facing problems, ABC News reported.

Change Healthcare completed a $7.8 billion merger in 2022 with Optum. Healthcare news site STAT reported that antitrust experts said the recent cybersecurity incident highlights the risks of having one conglomerate at the center of so many healthcare services.

The Blackcat/AlphV group was raided in an FBI-led international operation in December. Members responded by saying they would be more likely to target sensitive operations like hospitals and nuclear power plants.

Martin Matishak contributed to this story.