2024 Change Healthcare ransomware attack

On February 21, 2024, the American company Change Healthcare, a division of UnitedHealth Group, was affected by a ransomware attack. The cyberattack shut down the largest healthcare payment system in the United States.

Attack
On February 22, 2024, UnitedHealth Group filed a notice to the Securities and Exchange Commission stating that a "suspected nation-state associated cybersecurity threat actor" gained access to Change Healthcare's information technology system. Following UnitedHealth Group's initial filing, CVS Health, Walgreens, Publix, GoodRX, and BlueCross BlueShield of Montana reported disruptions in insurance claims. The cyberattack affected family-owned pharmacies and military pharmacies, including Naval Hospital Camp Pendleton. Healthcare company Athenahealth was affected, according to Forbes.

On February 29, 2024, UnitedHealth Group confirmed that the ransomware attack was "perpetrated by a cybercrime threat actor who...represented itself to [the company] as ALPHV/Blackcat." In the same update, the company stated that it was "working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Networks" to address the matter.

On March 4, 2024, Reuters reported that a bitcoin payment equivalent to nearly $22 million USD was made to a cryptocurrency wallet "associated with ALPHV." UnitedHealth has not commented on the payment, instead stating that the organization was "focused on the investigation and the recovery." On the same day, a Wired reporter stated that the transaction looked "very much like a large ransom payment." . On April 30, 2024, UHG's CEO Andrew Witty confirmed in a statement that they paid the ransom. 

Response
On March 1, 2024, UnitedHealth Group's Optum division launched a Temporary Funding Assistance Program to help bridge the gap in short-term cash flow needs for providers who received payments from payers that were processed by Change Healthcare. The American Hospital Association (AHA) stated that the program was "not even a band-aid" on the payment problems identified by the company, citing its "onerous" terms and conditions including Optum's ability to recoup funds "immediately and without prior notification," and to "change the agreement simply by providing notice."

On March 5, 2024, the U.S. Department of Health and Human Services announced flexibilities for hospitals impacted by the attack. The American Hospital Association (AHA) was critical of these measures, stating that the proposed flexibilities were "not an adequate whole of government response."

On March 12, 2024, UnitedHealth CEO Andrew Witty was summoned to a meeting by the Biden administration, during which HHS Secretary Xavier Becerra and White House domestic policy chief Neera Tanden urged Witty and other members of UHG leadership to increase the amount of funding available to providers who have been impacted by the protracted outage. Healthcare providers from across the sector were also in attendance and voiced their concerns about the ongoing financial and operational impacts of the Change cyberattack.