The BlackCat ransomware gang, which claimed to have hit Henry Schein with two cyberattacks within a 40-day period in 2023, may be responsible for the cybersecurity incident that led to the outage of the Change Healthcare payment exchange platform, according to news reports.
Though sources close to the investigation are blaming BlackCat, the crew has not yet claimed responsibility.
On February 21, UnitedHealth Group subsidiary Optum was struck by a cyberattack affecting Change Healthcare, causing billing disruptions at dental, medical, and pharmacies throughout the U.S. Since then, the company has been providing updates every few hours daily about the attack on a status page.
Since February 23, Optum has been updating the page with the same message, including that it “took immediate action to disconnect Change Healthcare’s systems to prevent further impact. This action was taken so our customers and partners do not need to.”
Furthermore, the company promised to be “proactive and aggressive” with all systems and will provide updates as more information becomes available. Each message has stated that the “disruption is expected to last at least through the day.”
In the meantime, dental practices using Change Healthcare should consider switching to other clearinghouses or using snail mail for claims. As the attack continues, those affected should stay informed and check eligibility and benefits through online portals, Teresa Duncan, an insurance expert, told DrBicuspid.com.
In late September 2023, BlackCat claimed responsibility for an attack on Henry Schein. On November 22, 2023, only slightly more than a week after its business operation and e-commerce sites were restored from the first attack that kept the company mostly paralyzed for about a month, BlackCat claimed to have struck again.
In the initial attack, BlackCat alleged that it lifted 35TB of sensitive data, which included payroll and shareholder information, and threatened to release the stolen data. In the November attack, Schein’s applications and e-commerce sites were affected. After six days, all of Schein’s systems were restored. The cybercrooks accessed the personal data of about 29,000 people.
Also known as ALPHV, BlackCat is a notorious crew that has reportedly victimized more than 100 organizations and has sought ransoms as steep as $1.5 million, according to the U.S. Health and Human Services Office of Information Security.
In December 2023, the FBI infiltrated the BlackCat/ALPHV ransomware operation, gaining access to decryption and other keys to help free some of its victims. After this action, members of the ransomware group promised retaliation, threatening to go after hospitals and other critical providers.