The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group subsidiary Optum, which operates the Change Healthcare platform, in late February.
This investigation is coordinated by HHS' Office for Civil Rights, which enforces the Health Insurance Portability and Accountability Act rules that protect patients' health information from being disclosed without their knowledge or consent.
Change Healthcare is the largest payment exchange platform used by doctors, healthcare providers, and patients in the U.S. healthcare system and by more than 70,000 pharmacies, while UHG has contracts with over 1.6 million health professionals and 8,000 healthcare facilities across all 50 U.S. states.
Even though UHG has brought some of the impacted systems back online after the crippling February ransomware attack, the resulting outage is still impacting operations across the U.S. healthcare industry, with the company estimating that it will be able to revive its payments platform on March 15 and medical claims network and software on March 18.
The attackers said they stole source code for Change Healthcare solutions and sensitive information from many partners, including the U.S. military's Tricare healthcare program, the Medicare federal health insurance program, CVS Caremark, MetLife, Health Net, and many other healthcare insurance providers.
Sensitive data stolen from Change Healthcare's compromised systems allegedly includes information on millions of people, such as PII data, medical records, insurance records, dental records, payment information, claims information, and PII data of active U.S. military/navy personnel.
Earlier this month, the BlackCat ransomware operation shut down in an exit scam amidst claims that they stole the $22 million ransom paid by Optum to the operator behind the Change Healthcare attack.
This wouldn't be unusual since BlackCat is believed to be a rebrand of the DarkSide and BlackMatter ransomware operations, with the former also shutting down after their attack on Colonial Pipeline in May 2021.
The ransomware affiliate behind the attack claims that they still have Change Healthcare's stolen data, indicating they may attempt to extort the company again.
The FBI says this ransomware gang raked in at least $300 million in ransoms from over 1,000 victims until September 2023, while the U.S. State Department now offers up to $15 million for tips that could help locate BlackCat gang leaders and anyone linked to the group's attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 13 Mar 2024 20:25:26 +0000