Notorious ransomware group launched cyberattack on UnitedHealth Group

A ransomware group known as Blackcat was responsible for launching a cyberattack last week at UnitedHealth Group that resulted in nationwide disruption of prescription orders, Reuters reported Feb. 26.

Blackcat actors employ a multiple extortion model of attack, the Justice Department says, with affiliated stealing sensitive data and seeking a ransom in exchange for decrypting the victim's system and not publishing stolen data.

UnitedHealth Group disclosed the cyberattack Thurdsay, saying a nation-state associated cybersecurity threat actor had accessed some information technology systems at its Change Healthcare business in Tennessee. Reuters on Monday, citing unnamed sources familiar with the matter, pegged the attack to Blackcat.

UnitedHealth Group said it proactively isolated the impacted systems from other connecting systems, but pharmacies across the country have reported disruptions, as a result.

Pharmacies use the Change Healthcare systems to confirm health insurance coverage for prescriptions, including cost-sharing amounts owed by patients. Pharmacies say they are using back-up systems to make sure patients still can receive needed medications.

In a Monday morning message to system users, Change Healthcare said the problem has not yet been resolved.

"We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online...," the company said. "The disruption is expected to last at least through the day."

Blackcat is one of the most notorious of the internet's many ransomware gangs—groups of cybercriminals who encrypt data to hold it hostage with the aim of securing massive cryptocurrency payouts. It has previous struck major businesses including MGM Resorts International and Caesars Entertainment, Reuters said.