Change Healthcare

In a turn of events that underscores the ever-evolving threat landscape in cyberspace, the recent ransomware attack on Change Healthcare has shed more light on the intersection of healthcare and cybercrime.

Change Healthcare, a pivotal player in the medical sector and a subsidiary of UnitedHealth Group, found itself in the crosshairs of a sophisticated cyber onslaught on February 21.

This attack wasn’t just another entry in the annals of cyber incidents; it was a formidable disruption that brought pharmacies, including those nestled within hospital walls across the United States, to a grinding halt. For over a week, the ripple effects of this attack have snarled the distribution of prescription medications nationwide, revealing the fragility of our healthcare infrastructure in the digital age.

The Plot Thickens

The plot thickened when discord within the criminal underworld revealed that the architects of this cyber chaos, AlphV (also known as BlackCat), allegedly received a $22 million ransom payment. This revelation came to light through Bitcoin's blockchain, where on March 1 a transaction of 350 bitcoins, worth roughly $22 million at the time, was sent to a Bitcoin address linked to AlphV. This sizable transaction, uncommon in its magnitude, hinted at a significant ransom payout.

Adding to the intrigue, an individual claiming to be an affiliate of AlphV voiced grievances on the cybercriminal forum RAMP. This person alleged that AlphV had reneged on sharing the spoils from the Change Healthcare ransom, pointing to the conspicuous $22 million transaction as evidence of their duplicity. This internal strife provides a rare glimpse into the operations and disputes among cybercriminal syndicates.

Healthcare is in a Tight Corner

Change Healthcare acquiesced to the ransom demands. Such a transaction is not commonplace, which underscores the severity of the situation and the desperate measures taken to resolve it. However, Change Healthcare remains tight-lipped, focusing on the ongoing investigation rather than discussing the ransom payment.

The involvement of AlphV, a group linked to other significant cyberattacks, and the apparent payout raise profound concerns about the precedent this sets and the dangerous signal it sends to other ransomware groups eyeing the healthcare sector. The lucrative nature of these attacks will likely encourage repeated targeting of healthcare services, which are crucial to patient well-being.

The breach of Change Healthcare’s defenses not only exposed the company to financial extortion but also risked the privacy and security of data from numerous healthcare partners. Despite the ransom payment, the risk lingers that affiliated hackers, feeling shortchanged, may still possess sensitive medical information. This could lead to further extortion attempts or unauthorized data disclosures, compounding the initial breach’s fallout.

This incident is a stark reminder of the formidable capabilities of ransomware groups like AlphV. Despite being momentarily disrupted by law enforcement actions, such as the FBI’s seizure of their dark web sites in December, these groups demonstrate a disturbing resilience. The attack on Change Healthcare, following so closely on the heels of law enforcement success, illustrates the cyclical nature of the ransomware epidemic and the continuous threat it poses.

As the cybersecurity community and law enforcement grapple with what to do about it, the successful attack underscores the need for robust defenses and international cooperation.

The attack on Change Healthcare is not just a cautionary tale; it should be a clarion call for a paradigm shift in how we protect and detect in an age where digital threats are killing public health and safety.

But who is going to do it and what will they do?


Steve King

Managing Director, CyberEd

King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He began his career as a software engineer at IBM, served Memorex and Health Application Systems as CIO, and became the West Coast managing partner of MarchFIRST, Inc., overseeing significant client projects. He subsequently founded Endymion Systems, a digital agency and network infrastructure company, and took it to $50m in revenue before it was acquired by Soluziona SA. Throughout his career, Steve has held leadership positions in startups such as VIT, SeeCommerce and Netswitch Technology Management, contributing to their growth and success in roles ranging from CMO and CRO to CTO and CEO.
