Change Healthcare begins to restore service after cyberattack – as lawsuits begin

Also: The ALPHV BlackCat ransomware group may have faked a second government takedown, while the extent of the protected-data leak is still unknown.
By Andrea Fox
March 08, 2024
03:47 PM


As it begins to recover from the Change Healthcare cyberattack, UnitedHealth Group said this week that it is enabling its Rx Connect, Rx Edit and Rx Assist services for customers who have configured direct internet access connectivity.

UnitedHealth also offered what it says is a timeline for full restoration of Change Healthcare's services.

"We expect to begin testing and reestablish connectivity to our claims network and software on March 18, restoring service through that week," the company said in an announcement posted to its website about the cyberattack, which began on February 21.

Here's a roundup of other news related to the weeks-long attack – including a new wave of lawsuits from customers impacted by the breach, news on BlackCat ransomware group's current status and expert perspective on why UnitedHealth may have paid the ransom.

ALPHV fakes left after $22M in Bitcoin paid 

According to Recorded Future News on Friday, the Department of Justice, Europol and the U.K. National Crime Agency – all part of a December takedown of BlackCat ransomware – denied any involvement in a new takedown notice posted on ALPHV's website.

“This tactic serves as a means for them to execute one final significant scam before resurfacing with less scrutiny,” Reegun Jayapaul, principal at Trustwave, said in the story.

One BlackCat ransomware affiliate reportedly claimed that after getting the $22 million payment, ALPHV leaders shut down and effectively stole the entire ransom from their affiliates to make the Change Healthcare breach their last hurrah.

Ngoc Bui, a cybersecurity expert at the firm Menlo Security, told Healthcare IT News by email this week that it's "highly likely" that ALPHV/BlackCat was responsible for the attack and that "the blog site discussing these matters appears to use a fake seized landing page, possibly indicating an exit scam by hackers."

The reason for this is the "ransomware group may have taken the money and deactivated servers to avoid law enforcement attention," he said.

Patient delays, privacy, pending lawsuits

Meanwhile, Axios reported Wednesday that the first post-cyberattack patient lawsuits are beginning to emerge, focusing on loss of access to vital prescriptions and treatments.

However, the potential exposure of data exfiltrated in the attack, which could amount to 6TB, is also a concern for UHG. The cybercriminals alleged that the stolen data includes protected information held by the U.S. military's Tricare healthcare program, Medicare, CVS Caremark, MetLife, Health Net and others, a Bleeping Computer report said on February 28.

"There are concerns that Change Healthcare's operations might affect the healthcare data of many Americans, given its extensive services and expertise in processing healthcare data," Bui noted.

Stolen data could have far-reaching effects down the line.

"Healthcare information is the most sought after and highest resalable data by attackers and on the dark web because it can be used in so many ways to perpetrate fraud," noted Kurt Osburn, director of risk management and governance at NCC Group, a global cybersecurity consulting firm, in a statement sent by email.

Protecting assets and information is expensive, and takes additional staff and managed services, he said. Most healthcare organizations fail to implement risk-analysis and risk-mitigation tools due to costs.

Michael McLaughlin, principal and cybersecurity and data privacy practice group coleader at the legal firm Buchanan Ingersoll and Rooney, said in an email Thursday that while UHG, which owns Optum's Change Healthcare, has not disclosed the full extent of the data breach, one class-action suit alleges the types of data exfiltrated.

The suit, filed in federal court in Minnesota, claims the ransomware group took personally identifiable information, medical records, dental records, payment information, claims information, patients’ information (i.e. phone numbers, addresses, Social Security numbers and email addresses), insurance records, patient health information and more.

McLaughlin said that the suit bases its description of the data on the group's claims about its role in the Change cyberattack, and advised taking it with a grain of salt.

"I would urge caution in relying on statements of the ransomware actor about the types of data impacted," he wrote. The ransomware actor likely sampled files indicating sensitive information may be contained within "and based their statement on that cursory review," he said.

"This is in no way representative of the data as a whole," said McLaughlin.

Breach magnitude? Too soon to tell

"UHG paying the ransom is not indicative of the sensitivity of the data," McLaughlin said.

He explained that he believed that UHG’s decision to pay likely was primarily driven by the need to resume business operations as quickly as possible "rather than to protect the data from further exposure."

Widespread reports of providers straining in the outage have a number of organizations, like the American Medical Association, appealing to lawmakers in Washington, D.C., to release emergency funds to protect providers nationwide from the financial fallout.

UHG is likely investigating the full scope of the incident, trying to understand the individuals impacted and the types of data involved, McLaughlin said.

It's a resource-intensive process requiring advanced data mining and manual human review of "potentially millions of files."

"We will not know the full scope of the data involved until this process is complete and UHG conducts its notifications of impacted individuals, in accordance with state laws and federal regulations," he said.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.
