Change Healthcare, a healthcare technology company owned by UnitedHealth Group, announced that a ransomware group claimed responsibility for a cyberattack that was first acknowledged on February 21. The company is assessing the impact of the attack and says it has affected billing and care authorization portals.
“Healthcare providers across the country are reeling from a cyberattack on a massive US healthcare technology company that has threatened the security of patients’ information and is delaying some prescriptions and paychecks for medical workers,” the Associated Press reported.
Change Healthcare manages healthcare technology pipelines, processing 14 billion transactions a year. The company said its investigation determined that Change Healthcare, Optum, UnitedHealthcare, and UnitedHealth Group systems have been affected. Change also confirmed Thursday that ransomware group ALPHV, or Blackcat, made the breach. The company didn’t respond to a question about whether it paid or negotiated a ransom.
One of the most immediate impacts is that people are seeing delays in getting prescriptions, said American Hospital Association spokesperson Ben Teicher.
Cybersecurity experts say ransomware attacks have increased substantially in recent years, especially in the healthcare sector. This one comes on the heels of an attack last month on Lurie Children’s Hospital in Chicago, which had to take phone, email, and medical records systems offline.
“As far as we can tell, the attack is being contained,” said Allan Liska, a threat intelligence analyst at Recorded Future. “We don’t think it’s going to get worse. But when you have a critical system like this that’s down for an extended period…the longer it’s down and the longer that recovery takes, the more impact it’s going to have on patient care.”