Since the recent attack on Optum, a service provider on the US healthcare platform “Change Healthcare”, US authorities have called on companies to report unusual activities to the Cybersecurity and Infrastructure Agency (CISA). It is also said that the Alphv ransomware gang has increasingly specialized in the healthcare sector. Alphv, or its offshoot Blackcat, was “primarily targeted at the healthcare sector,” according to a statement from CISA, the FBI and the US Department of Health.
Only recently Blackcat claimed responsibility for the cyber attack on Change Healthcare. CISA subsequently updated its “#StopRansomware” campaign. A cybersecurity incident guide has also been published and is intended to encourage those affected to heed the tips listed there, seek help and work with CISA. For example, the guide contains further links with contact details that victims can use.
Attack on Optum spreads widely
It was previously announced that Optum, the operator of Change Healthcare, a platform primarily used for transactions, was affected by a cyber attack. Since then, pharmacies in particular have been struggling with IT disruptions. The circle of users also includes insurance companies and others involved in the healthcare system. Accordingly, there is a risk that a large amount of critical information will leak, such as electronic patient files, payment information and others.
ALPHV/Blackcat ransomware responsible
Bleepingcomputer had discovered a corresponding entry for 7 TB of leaked data. This contains data from thousands of healthcare providers, insurance companies, pharmacies and others. Blackcat claims to have stolen the source code of the “Change Healthcare” solution and sensitive information from cooperation partners, including data from Tricare, a healthcare program for soldiers. A spokesperson for UnitedHealth Group, which owns Change Healthcare, confirmed to Techcrunch that Alphv/Blackcat ransomware is involved.
Since Change Healthcare has switched off the systems “to protect patient data”, military pharmacies worldwide are also affected; prescriptions, for example, are currently being issued in analog form. This emerges from a press release from Tricare. It is currently unknown when the problem will be resolved.
Rhysida: Ransom demand for children's data
In another case, the ransomware group Rhysida is demanding 60 Bitcoin – around 3.5 million euros at the current rate – for children's health data after a cyber attack on the “Lurie Children's Hospital in Chicago”, which cares for more than 200,000 children annually.
As a result of the cyber attack, the healthcare provider had to take its IT systems offline. In its press release from February 2nd, the US hospital referred to similar cases and also mentioned an attack on the East Westphalia Catholic Hospital Association.
Update, 29.02.2024, 18:24
Official information adds that Alphv/Blackcat is responsible for the cyber attack on Optum.
(mack)