Ransomware attack affects more than 90% of 70,000 pharmacies across the US, hackers claim to have stolen 6TB of data



Attacks by a ransomware group called ALPHV (aka BlackCat) have been rampant in the United States for about a week. The attack had a major impact on American medical institutions until the response was completed on March 2, 2024, forcing more than 90% of the 70,000 pharmacies across the United States to change the way they process electronic claims. In a post on the dark web, the ransomware group claims to have stolen 6TB of data.

US prescription market hamstrung for 9 days (so far) by ransomware attack | Ars Technica

https://arstechnica.com/security/2024/03/us-prescription-market-hamstrung-for-9-days-so-far-by-ransomware-attack/



Ransomware gang claims they stole 6TB of Change Healthcare data

https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/



The target of the ransomware attack was Change Healthcare, a network service operated by Optum, a subsidiary of UnitedHealth, the world's largest healthcare company, that handles medical payment settlements and manages insurance claims.

Below is Optum's real-time update on their response to the ransomware attack and current situation report.

Optum Solutions Status - Update: Some applications are experiencing connectivity issues. Hover or tap here for updates.

https://status.changehealthcare.com/incidents/hqpjz25fn3n7



The problem was first reported at 2:15 a.m. Eastern Standard Time on February 21, 2024. Optum worked to resolve the problem, but at 9:55 a.m., it predicted that the disruption would continue throughout the day. At 11:32 a.m. on the 22nd, it was reported that the problem was specific to Change Healthcare and did not affect other UnitedHealth systems.

The response to the attack continued after that, and at 10:50 on February 29, it was revealed that the attack was carried out by ALPHV/BlackCat. At this point, the phrase 'disruption expected to continue throughout the day' that had been included in each report was finally removed.

On March 1, they launched a new instance and conducted test transactions, and by 1:00 p.m. service was restored for all users.

The impact of the cyberattack was widespread, with more than 90% of the 70,000 pharmacies across the US that used Change Healthcare having to change how they processed electronic claims, while a small number of patients reported being unable to fill prescriptions.

In a post on the dark web, the group claimed responsibility for the attack and said it had stolen 6TB of data from Change Healthcare's network.

The data is said to include medical records, insurance records, dental records, payment information, personal information that can be used to identify individuals, and personal information of active U.S. Army and Navy personnel.

ALPHV/BlackCat was involved in more than 60 data leaks in just four months since it began operations in November 2021, and by September 2023 had obtained at least $300 million (approximately 45 billion yen) in ransoms from more than 1,000 victims.

The State Department is offering a reward of up to $15 million for information identifying ALPHV/BlackCat group leaders or individuals involved in the attacks.

in Security, Posted by logc_nt