By Christopher Snowbeck, Mike Hughlett
Star Tribune
MINNETONKA, Minn. — A ransomware group known as Blackcat was responsible for launching a cyberattack last week at UnitedHealth Group that resulted in nationwide disruption of prescription orders, Reuters reported Monday.
Blackcat actors employ a multiple extortion model of attack, the Justice Department says, with affiliated stealing sensitive data and seeking a ransom in exchange for decrypting the victim’s system and not publishing stolen data.
UnitedHealth Group disclosed the cyberattack Thurdsay, saying a nation-state associated cybersecurity threat actor had accessed some information technology systems at its Change Healthcare business in Tennessee. Reuters on Monday, citing unnamed sources familiar with the matter, pegged the attack to Blackcat.
CYBERSECURITY:
- 4-step road map to maximize your cybersecurity ROI
- How to boost your organization’s cybersecurity, including getting grant funding
- Top 10 best cybersecurity practices for EMS agencies
- Why cybersecurity is important for EMS leaders
UnitedHealth Group said it proactively isolated the impacted systems from other connecting systems, but pharmacies across the country have reported disruptions, as a result.
Pharmacies use the Change Healthcare systems to confirm health insurance coverage for prescriptions, including cost-sharing amounts owed by patients. Pharmacies say they are using back-up systems to make sure patients still can receive needed medications.
In a Monday morning message to system users, Change Healthcare said the problem has not yet been resolved.
“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online...,” the company said. “The disruption is expected to last at least through the day.”
Blackcat is one of the most notorious of the internet’s many ransomware gangs — groups of cybercriminals who encrypt data to hold it hostage with the aim of securing massive cryptocurrency payouts. It has previous struck major businesses including MGM Resorts International and Caesars Entertainment, Reuters said.
CYBERATTACKS:
- Cyberattackers are coming for public safety; prepare now
- Cyber alert: Public safety systems are currently under attack
- EMS leaders should expect, prepare for cyberattack
- FBI, DHS, HHS warn of credible and imminent cyber threat to healthcare
- The ransomware epidemic: What EMS agencies need to know
©2024 StarTribune.
Visit at startribune.com.
Distributed by Tribune Content Agency, LLC.