Adrian Johnson
TLDR:
• A Russian-speaking ransomware group, AlphV, took down the biggest US health care payment processor, causing major disruptions in the prescription market for 9 days.
• The attack targeted Optum, which provides a nationwide network called Change Healthcare, impacting pharmacies, health care providers, and patients trying to fill prescriptions.
In a nine-day-long cyberattack, a Russian-speaking ransomware group known as AlphV targeted the biggest US health care payment processor, Optum, causing major disruptions in the prescription market. Optum’s services were down, impacting pharmacies, health care providers, and patients trying to fill prescriptions for life-saving medications. The ransomware attack affected the processing of insurance claims, leaving many pharmacies struggling to determine costs covered by insurance companies and resorting to alternative services or offline methods.
AlphV, operating under a ransomware-as-a-service model, encrypted files of victims like Optum and shared the ransom proceeds with affiliates. The attack highlighted the ongoing threat ransomware poses to critical infrastructure in the US. The FBI and partner countries had previously seized parts of AlphV’s infrastructure, but the group remained active, causing significant disruptions. The outage at Change Healthcare, a subsidiary of Optum, underscored the devastating effects ransomware can have on critical infrastructure, as seen in previous incidents like the Colonial Pipeline outage.
The cyberattack against Change Healthcare disrupted 15 billion transactions, affecting eligibility verifications, pharmacy operations, and claims transmittals and payments. This outage, caused by AlphV, reflects the growing menace of ransomware groups like AlphV, which have collected millions in ransoms and targeted various industries, including casinos in Las Vegas. The incident served as a reminder of the urgent need to strengthen cybersecurity measures to protect critical infrastructure from such attacks in the future.
