UnitedHealth Says ‘Blackcat’ Group Behind Recent Hack

March 1, 2024

UnitedHealth Group said on Thursday the recent cyberattack at its tech unit, Change Healthcare, was perpetrated by hackers who identified themselves as the “Blackcat” ransomware group.

The statement confirms a Reuters report on Monday. UnitedHealth had initially blamed a “suspected nation-state associated cybersecurity threat actor” for the disruption.

The hack, disclosed last Wednesday, has had a knock-on effect on players across the U.S. healthcare system, as disruptions triggered by the attack have impacted electronic pharmacy refills and insurance transactions.

The company said its experts were working with law enforcement authorities and third-party consultants to gauge the impact on its customers and patients.

“We are working on multiple approaches to restore the impacted environment and continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action,” UnitedHealth said.

In a message posted on its darknet site, which was quickly deleted, the group known as “Blackcat” or “ALPHV” said on Wednesday it stole millions of sensitive records, including medical insurance and health data, from the company.

Blackcat has not returned repeated messages from Reuters, including a request for comment on UnitedHealth’s confirmation statement on Thursday.

Blackcat is one of the most notorious of the internet’s many ransomware gangs, which encrypt data to hold it hostage with the aim of extorting massive payouts.

It has previously struck major businesses including MGM Resorts International and Caesars Entertainment.

The hack at MGM Resorts took place in September and caused a $100 million hit to the company’s third-quarter results.

Meanwhile, healthcare providers across the United States are struggling to get paid following the outage at UnitedHealth’s technology unit, with some smaller providers saying they are already running low on cash.