Cybercriminal Group Claims Responsibility For Change Healthcare Attack

The group known by the names of Blackcat and Alphv says it exfiltrated 6 TB of data in the attack.

The cybercriminal group known by the names of Blackcat and Alphv claimed responsibility Wednesday for the disruptive cyberattack against Change Healthcare.

The Russian-speaking cybercriminal gang said on its darkweb site that it exfiltrated 6 TB of data in the attack against Change Healthcare, a unit of UnitedHealth Group’s Optum subsidiary.

A spokesperson for UnitedHealth Group said the company is aware of the claims and is looking into them.

The attack has disrupted U.S. pharmacies as well as other health-care facilities and offices.

Reuters had reported Monday that the attack involved the Blackcat ransomware strain.

The report linking Blackcat with the Change Healthcare attack—and now the apparent confirmation by the cybercriminal group—has raised questions about UnitedHealth’s initial attribution of the attack to a nation-state threat actor. The attribution was part of UnitedHealth’s disclosure of the incident to the U.S. Securities and Exchange Commission on Feb. 21.

The latest statement posted by Change Healthcare Wednesday does not contain any new information from its prior disclosures. “The disruption is expected to last at least through the day,” the statement read, repeating a line that was included in the statements of prior days.

The latest post also reiterated that Change Healthcare is taking “multiple approaches to restore the impacted environment.”

In a statement provided Tuesday to media outlets including CRN, UnitedHealth said it has seen “minimal reports” of patients being unable to access prescriptions.

In part, this is because more than 90 percent of pharmacies in the U.S. are believed to use “modified electronic claim processing to mitigate impacts from the Change Healthcare cyber security issue,” the company said in the statement.