A ransomware group known as Blackcat was behind a cyberattack last week at UnitedHealth Group that has disrupted prescriptions across the country, Reuters reported Monday.
Blackcat actors employ a multiple extortion model of attack, the U.S. Justice Department says, with affiliates stealing sensitive data and seeking a ransom in exchange for decrypting the victim’s system and not publishing stolen data.
UnitedHealth Group disclosed the cyberattack Thursday, saying a nation-state associated cybersecurity threat actor had accessed some information technology systems at its Change Healthcare business in Tennessee. Reuters on Monday, citing unnamed sources familiar with the matter, pegged the attack to Blackcat.
UnitedHealth Group did not comment on the Reuters report. The Minnetonka-based health care giant said it has worked with pharmacies and health care providers to make sure patients still get the care they need.
“We estimate more than 90% of the nation’s 70,000+ pharmacies have modified electronic claim processing to mitigate impacts from the Change Healthcare cyber security issue; the remainder have offline processing workarounds,” the company said in a statement to the Star Tribune.
UnitedHealth Group operates UnitedHealthcare, which is one of the nation’s largest health insurers, as well as Optum, a health services business including a large pharmacy benefit manager (PBM) called OptumRx.
“Both OptumRx and UnitedHealthcare are seeing minimal reports, including less than 100 out of more than 65 million PBM members not being able to get their prescriptions,” the company said. “Those patients have been immediately escalated and we have no reports of continuity of care issues.”
Pharmacies use the Change Healthcare systems to confirm health insurance coverage for prescriptions, including cost-sharing amounts owed by patients.