Ransomware Group Cripples UnitedHealth Systems and Deliveries

The major health insurance provider UnitedHealth Group has confirmed that ongoing outages across its own network and those of its partners are due to a ransomware attack.

On Thursday the company confirmed that the attack, which targeted IT systems and has left the organization crippled for over a week, was perpetrated by the "Blackcat" hacker group – best known for its high-profile attack on the casino and resort MGM Grand in September 2023.

"We are working on multiple approaches to restore the impacted environment and continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action," said UnitedHealth, in a released statement on Thursday.

Along with disrupting internal systems, including payroll, the attack has also had a massive impact on patients. The hack has disrupted online pharmacy refills and insurance payments, and has hampered the home delivery of medication to many connected to its Change Healthcare subsidiary, which operates 67,000 pharmacies across the U.S.

The insurance group first publicly disclosed the incident on Feb. 23 in a United States Securities and Exchange Commission filing and said that immediately after discovering the attack it "proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident."

In a short message posted online Wednesday and then quickly deleted, Blackcat took responsibility for the attack and said it had stolen millions of records, including health and insurance data, from the healthcare provider.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA), in response to the attack, have updated their joint advisory on the Blackcat group, providing more details on the operation and the sectors the group most commonly targets.

"ALPHV Blackcat actors have since employed improvised communication methods by creating victim-specific emails to notify of the initial compromise," read the advisory. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023."

The joint advisory also includes a list of mitigations organizations can take to minimize their risk of ransomware attacks, such as those associated with Blackcat:

  1. Routinely take inventory of assets and data to identify authorized and unauthorized devices and software.
  2. Prioritize remediation of known exploited vulnerabilities.
  3. Enable and enforce multifactor authentication with strong passwords.
  4. Close unused ports and remove applications not deemed necessary for day-to-day operations.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
