UnitedHealth says BlackCat ransomware gang was behind cyberattack

Feb. 29 (UPI) -- The Russian-based BlackCat ransomware group is responsible for the continuing cyberattack against UnitedHealth's Change Healthcare division, the company confirmed Thursday.

Tyler Mason, vice president at UnitedHealth, said in a statement to TechCrunch that the cyberattack appears confined to the Change Healthcare division and so far the company investigation "has no indication" that UnitedHealthcare, Optum or UnitedHealth Group systems are impacted.


"Our experts are working to address the matter and we are working closely with law enforcement and leading third-party consultants," Mason said. "We are actively working to understand the impact to members, patients and customers."

Change Healthcare said it was working with Google-owned Mandiant and cybersecurity software company Palo Alto Networks to respond to the attack.

ALPHV/BlackCat said it was responsible for the cyberattack in a post on the dark web that has since been deleted.

UnitedHealth Group said in an SEC filing that the cyberattack was discovered Feb. 21 and the company had discovered that "a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems."

The company said immediately upon discovering the attack impacted systems were isolated in an effort to contain, assess and remediate the incident.


In that filing, UnitedHealth said it "has not determined the incident is reasonably likely to materially impact the Company's financial condition or results of operations."

But cyberattacks can have real-world impact on patients when health systems are victimized, including taking diagnostic equipment offline or forcing ambulances to be diverted.

BlackCat is a ransomware gang claiming to have taken the health and patient information of millions of Americans.

Earlier this month the State Department offered up to a $10 million reward for information on leaders of the group.

The State Department is offering a $5 million reward for information leading to the arrest and conviction of those carrying out BlackCat ransomware attacks.

BlackCat's targets have included over a thousand entities including U.S. government facilities, healthcare, infrastructure, emergency services and manufacturing.

The FBI was successful in December using an encryption tool that let more than 500 victims restore their computer systems and save $99 in demanded ransom.

Latest Headlines