27 February 2024

Ransomware attack on Optum subsidiary disrupts healthcare services across the US


Optum, a subsidiary of UnitedHealth Group, was hit with a ransomware attack leading to a significant outage that has impacted the Change Healthcare payment exchange platform, a critical component of the US healthcare system. The attack, believed to be orchestrated by the BlackCat/ALPHV ransomware group, has caused disruptions in prescription deliveries and various healthcare services across the United States.

According to a filing with the Securities and Exchange Commission (SEC), UnitedHealth Group identified a suspected nation-state-associated cyber threat actor accessing some of the Change Healthcare information technology systems on February 21, 2024.

As a precautionary measure, the affected systems were immediately isolated to contain and assess the situation. The company is actively collaborating with law enforcement, cybersecurity experts, and relevant authorities while notifying customers, clients, and government agencies about the incident.

Reuters, citing insider sources, linked the outage to the BlackCat/ALPHV ransomware gang. The attack, which began last week, compromised Change Healthcare's IT systems, leading to widespread disruptions in pharmacy services across the US.

In response to the attack, Optum shut down its systems, affecting multiple services of US healthcare organizations. However, the company said that Optum, UnitedHealthcare, and UnitedHealth Group systems are believed to be unaffected by the breach. Change Healthcare confirmed it is addressing the cybersecurity issue and is working to restore impacted systems.

“We are employing multiple strategies to restore the affected environment and prioritize security as we bring our systems back online,” stated a representative from Change Healthcare. “Our proactive measures will continue, and any suspected issues with the system will prompt immediate action, including disconnection.”

The BlackCat/ALPHV ransomware group, active since November 2021, has targeted various organizations globally, including those in the industrial, defense, and commercial sectors. The FBI seized the group's Tor leak site on December 19, 2023, and the US Department of State has offered rewards totaling up to $15 million for information leading to the identification, location, arrest, or conviction of individuals associated with the ransomware operation.

Last week, a global law enforcement effort took down the infamous LockBit ransomware operation. However, it appears that the group is restoring its infrastructure and has even claimed new victims.
