Zack Whittaker reports that the ongoing cyberattack at Change Healthcare has been confirmed as a ransomware attack, with executives of the firm linking it to AlphV (BlackCat). Reuters was the first to report the claimed attribution to BlackCat, but until now, there has been no confirmation from BlackCat.
Minutes ago, BlackCat informed DataBreaches that yes, they are responsible for the attack. DataBreaches has asked them if they are willing to share any additional details and will update this post if any are received.
The attack on February 21 has had major and ongoing impact on pharmacies and hospitals around the country as pharmacies have been unable to process prescriptions and payments. The firm’s most recent status update from last night explains:
Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter. Once we became aware of the outside threat, and in the interest of protecting our partners and patients, we took immediate action to disconnect Change Healthcare’s systems to prevent further impact. This action was taken so our customers and partners do not need to. We have a high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue.
We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.