Millions of Americans had difficulty obtaining prescription medications last week thanks to a ransomware gang’s attack on the pharmaceutical industry. ALPHV, a Russian-speaking ransomware gang, is thought to have disabled a network responsible for directing insurance claims to pharmacies. The hackers reportedly stole patient data and forced the network to temporarily shut down, preventing patients from obtaining vital medications typically paid for by insurance.
UnitedHealthcare Group, one of the biggest health insurance entities in the United States, told the Washington Post on Friday that hackers had targeted Change Health, its “switch business.” Switch businesses like Change Health and CoverMyMeds route prescription claims between pharmacies and claims reviewers, who ultimately decide whether a patient’s prescription will be covered by insurance. When this process is interrupted, insurance coverage is taken out of the picture, and patients must decide whether to pay hundreds (if not thousands) of dollars out of pocket or go without their medications.
The hackers allegedly stole patient data from Change Health and encrypted company files. As is customary after ransomware attacks, the hackers demanded payment to relinquish control of Change Health information. This led the company to temporarily shut down its network as it recovers, impacting “more than 90 percent of the nation’s 70,000-plus pharmacies.”
While it’s often difficult to verify who’s behind a ransomware attack, a Russian-speaking gang known as ALPHV, ALPHV Blackcat, or Noberus has claimed responsibility for the incident. The group is said to have extracted over $300 million from notable targets like Caesar’s Palace and other healthcare entities. In December, the US Department of Justice announced that it had disrupted ALPHV’s ransomware-as-a-service ring and created a decryption tool for over 500 victims. But if anything shows the limitations of the DOJ’s campaign, it’s UnitedHealthcare’s current scramble to resurrect its switch business.
Exactly how much the hackers are demanding Change Health pay to recover its files is unclear. Security experts believe the incident is part of a larger trend involving cyberattacks on the healthcare industry. Over just the past few months, ransomware attacks on hospitals and outpatient treatment centers have misplaced hundreds of patients’ data across the web and disrupted life-saving surgeries.
