Optum's Change Healthcare confirmed Feb. 29 that it was hacked by a ransomware gang after the group claimed to have stolen massive amounts of data.
"Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat," an Optum spokesperson emailed Becker's on Feb. 29. "We are actively working to understand the impact to members, patients and customers."
Many of Change Healthcare's applications, which span revenue cycle management to prescription processing, have been down since Feb. 21, disrupting operations at hospitals, physician practices and pharmacies across the country.
ALPHV/Blackcat, aka BlackCat, claimed responsibility for the hack, posting on its dark web leak site that it stole 6 terabytes worth of Change Healthcare data involving "thousands of healthcare providers, insurance providers, pharmacies, etc," Bleeping Computer reported Feb. 28. The allegedly stolen data includes medical records, patient Social Security numbers, and information on active military personnel (Change serves some military healthcare facilities).
But as Politico noted Feb. 28: "Ransomware groups, which demand extortion payments in exchange for restoring or not publishing stolen data, often exaggerate their exploits as a negotiating tactic."
ALPHV/Blackcat, which has been linked to Russia, has been targeting the U.S. healthcare industry since December after the FBI disrupted its operations.
Change Healthcare said it is working with cybersecurity firms Palo Alto Network and Mandiant, a Google subsidiary, as well as law enforcement to address the cyberattack.