Health care company ties Russian-linked cybercriminals to prescriptions breach

0
187
FILE - A prescription is filled, Friday, Jan. 6, 2023, in Morganton, N.C. A dose of patience may come in handy at the pharmacy counter this fall, as drug and staffing shortages haven’t gone away. Stores are starting their busiest time of year as customers look for help with colds and the flu. And this fall, pharmacists are dealing with a new vaccine and the start of insurance coverage for COVID-19 shots. (AP Photo/Chris Carlson, File)

A prescription is filled on Jan. 6, 2023, in Morganton, N.C. A ransomware attack is disrupting pharmacies and hospitals nationwide this week.

Chris Carlson/AP

A ransomware attack is disrupting pharmacies and hospitals nationwide, leaving patients with problems filling prescriptions or seeking medical treatment.

On Thursday, UnitedHealth Group accused a notorious ransomware gang known as Black Cat, or AlphV, of hacking health care payment systems across the country.

Last week, the top health insurance company disclosed that its subsidiary, Optum, was impacted by a “cybersecurity issue,” leading to its digital health care payment platform, known as Change Healthcare, being knocked offline. 

As a result, hospitals, pharmacies and other health care providers have either been unable to access the popular payment platform, or have purposefully shut off connections to its network to prevent the hackers from gaining further access. 

UnitedHealth says that as of Monday it estimated that more than 90% of 70,000 pharmacies in the U.S. have had to change how they process electronic claims as a result of the outage.

While the company has set up a website to track the ongoing outage, reassuring customers that there are “workarounds” to ensure access to medications, the outage could last “weeks,” according to a UnitedHealth executive who spoke on a conference call with cybersecurity officers, a recording of which was obtained by STAT News

After hiring multiple outside firms, including top cybersecurity companies Mandiant and Palo Alto Networks, UnitedHealth released its conclusion that BlackCat, or AlphV, is behind the breach, a conclusion bolstered by the group itself originally claiming credit on its dark web leak site. The post has since been taken down.

“Hacked the hackers”

However, the fact that the ransomware gang may be responsible is also something of a twist. 

Just a few months ago, the FBI broke into the groups’ internal servers, stealing information about decryption tools for victims and seizing control of several of its websites. The U.S. government celebrated the disruption, a major operation with multiple foreign governments involved. “In disrupting the Black Cat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa Monaco in a news release. 

Black Cat’s seeming ability to regroup and breach one of the largest health care entities in the U.S. demonstrates how challenging it is to hamper these groups long-term. 

Cybercriminals frequently reassemble after experiencing setbacks, particularly when their operators are located in countries whose law enforcement agencies are lax about prosecuting their crimes. 

That’s especially true in Russia. While researchers have not definitively tied BlackCat to Russia or its government, they’ve concluded it is a Russian-speaking group. U.S. intelligence officials have spoken frequently about the Russian government’s willingness to turn a blind eye to cybercrime, in exchange for the hackers’ service in intelligence operations. That has been especially true during the war in Ukraine.

In addition to the health care breach, Black Cat also recently claimed to have stolen classified documents and sensitive personal data about Department of Defense employees from U.S. federal contractors.

LEAVE A REPLY

Please enter your comment!
Please enter your name here