AlphaV – the cyber-criminal gang temporarily disrupted last year by the FBI have been steadily working their way back to being a major player in the ransomware field.
Their latest attack has been against Change Healthcare, a division of United Health Group – the largest health insurer in the US and has seen prescriptions across the entire country delayed by a week, meaning some people having no medical supplies, or being forced to pay extortionate costs to buy medicines outside of their cover allowance.
In a filing with the US Securities and Exchange commission, United Health Group state that “On February 21, 2024, UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident.”
The company is releasing regular status updates at the below URL, although the updates seem to be a copy/paste of the same message every time:
https://status.changehealthcare.com/incidents/hqpjz25fn3n7
Change Healthcare handles over 15 billion transactions a year, representing as many as 1 in 3 U.S. patient records. These transactions involve not just prescriptions but dental, clinical and other medical needs of millions of US citizens. The company was acquired by UnitedHealth Group for $13 billion in 2022.
Huge impact
The cyber attack by AlphaV has caused widespread issues, including for overseas U.S. military personnel. Change Healthcare acts as a digital intermediary to helps pharmacies verify a patient’s insurance coverage for their prescriptions, and some reports indicate that people have been forced to pay in cash becuase the systems affected cannot be used to process these transactions.
Tricare, which covers the U.S. military, said its pharmacies in the United States and abroad are being forced to fill prescriptions manually. It continued to warn people this week of possible delays in getting medications.
A statement on the Tricare website states that “Military pharmacies will give priority to urgent prescriptions followed by routine prescriptions. Each military hospital and clinic will continue to offer pharmacy operations based on their local manning and resources. Please be patient while pharmacies take longer than usual to safely fill prescription needs.”
A number of pharmacy chains, including CVS Health and Walgreens have said the outage had knock-on effects on their businesses.
The American Pharmacists Association (APhA) said on Friday many pharmacies across the nation could not transmit insurance claims for their patients following the attack and that pharmacies were reporting significant backlogs of prescriptions which they were unable to process.
A statement by AlphaV suggests that they have managed to exfiltrate a large amount of data from a number of the companies within the group. United Health have not yet commented on the breadth of the attack.
