Change Healthcare attack that disrupted prescriptions blamed on BlackCat ransomware

The incident forced parts of the company’s infrastructure offline, and some login pages were unavailable, leaving some users unable to access their prescriptions.

Major campaign

TechCrunch has now disclosed that the attack was indeed ransomware, undertaken by none other than ALPHV (BlackCat), according to a “healthcare executive with knowledge of the incident, who was on the call briefed by the company’s executives." 

Reuters also linked BlackCat to the incident. The ransomware group hasn’t added Change Healthcare to its data leak site just yet, which could mean two things: either it wasn’t behind the attack, or it’s still negotiating potential ransom payout with the victim. Usually, hackers steal sensitive data during ransomware attacks and threaten to release it online, unless a payment is made. 

Given that Change Healthcare is a major US prescription medication processor, there are good chances that millions of customer's data was stolen. There is no confirmation that any data was stolen however, and Change Healthcare is yet to comment on the news.

The disruption is affecting more than just Change. Citing Michigan local papers, TechCrunch reported local pharmacies were experiencing outages. 

Scheurer Health announced on Facebook that it wasn’t able to process prescriptions through patient insurance due to the “nationwide outage from the largest prescription processor in North America.”

Change Healthcare claims to be handling 15 billion healthcare transactions annually, which would put it firmly as one of the largest health tech firms in the country. 

Next to LockBit and Cl0p, BlackCat is one of the biggest and most dangerous ransomware operators out there. 

More from TechRadar Pro

• U-Haul admits thousands of customers had data stolen in breach
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now