Excerpt from WashingtonPost Article, Published on Mar, 04, 2024

Millions of Americans are now dealing with exorbitant prices or the lack of access to life-saving medication as a result of a ransomware attack by a once-thought-to be crippled gang. UnitedHealthcare Group disclosed that its Change Health business unit fell victim to hackers, disrupting the processing of prescription claims from pharmacies to insurance coverage determinants. The cybercriminals accessed patient data, encrypted company files, and demanded payment for decryption, prompting a network shutdown as recovery efforts commenced.

Change Health and its rival, CoverMyMeds, dominate the switch business, charging pharmacies for directing claims to insurers, making any disruption a significant setback for patients, noted Patrick Berryman of the National Community Pharmacists Association. The breach, attributed to the ALPHV ransomware gang, adds to a series of recent attacks, including those targeting hospitals. This incident underscores the ongoing vulnerability of critical infrastructure, reminiscent of the Colonial Pipeline shutdown in 2021.

Despite law enforcement efforts to combat ransomware groups, including the December takedown of ALPHV, the impact on pharmacies remains severe. Independent stores face significant hurdles, while UnitedHealth estimates that over 90 percent of the nation’s pharmacies have adjusted their electronic claim processes due to the outage. CVS, among the largest pharmacy networks, acknowledges disruptions in insurance claims processing but assures the public of ongoing prescription services through alternative means.

FBI Deputy Assistant Director Brett Leatherman highlighted the agency’s approach, considering factors like victim assistance and technical support, emphasizing the success of interventions like those against ALPHV. The repercussions of the attack linger, showcasing the interconnectedness of digital infrastructure and the vulnerabilities therein. As pharmacies scramble to adapt and patients face uncertainty, the incident serves as a stark reminder of the persistent threat posed by ransomware in critical sectors.


To delve deeper into this topic, please read the full article in WashingtonPost .