These foreign hackers have just shut down large hunks of the U.S. healthcare system


As the world gets more dependent on the internet and computers, we have also become more vulnerable.

Criminal hacking enterprises are costing businesses millions and making life inconvenient for far too many people, but they are also putting people at serious risk.

Now this foreign-based hacking ring has gotten into the U.S. healthcare system, and it’s putting lives in danger.

Ransomware gang admits to healthcare attack

A massive ransomware attack affected insurance giant UnitedHealthcare Group’s Change Health business unit.

The unit routes prescription claims from pharmacies to companies to determine whether or not patients have insurance coverage and what portion of the cost they’re responsible for paying.

In the attack, the hackers stole data about patients and encrypted company files, then demanded that a sum of money be paid to unlock them.

The attack prompted UnitedHealthcare to shut down most of its network until the issue could be resolved.

Change Health and a rival company called CoverMyMeds are two of the country’s biggest “switch businesses,” which charge pharmacies a small fee after they send claims to insurers.

Patrick Berryman, Senior Vice President at the National Community Pharmacists Association, said, “When one of them goes down, obviously it’s a major problem.”

As a result of the attack, millions of patients across the country could not get their prescriptions filled at all, or they could not afford them since there was no way to process their claims to receive the discounted price. 

ALPHV, a well-known, Russian-speaking ransomware ring, has claimed responsibility.

The severity of the attack has highlighted weak spots in America’s aging, critical infrastructure, and it all comes three years after a ransomware attack on Colonial Pipeline caused a massive shutdown of one of the biggest fuel pipelines in the country.

During that attack, gas stations, primarily those in the eastern part of the country, ran out of fuel as consumers swarmed to fill up before supplies were gone.

Officials and international partners have said they’re working on operations to combat the issue, including hacking the gangs and taking over their chats with business associates.

In some cases, they are making arrests.

ALPHV poses a serious threat

The Russian-speaking hacker group is now one of the largest in the world performing “ransomware as a service,” and they split extortion money with affiliates who do the actual hacking.

Those affiliates install ALPHV’s BlackCat ransomware program, after which ALPHV takes care of making the threats and working on negotiations.

In total, the group collected over $300 million when they hit high-profile targets like Caesars Palace in Las Vegas, Nevada.

In December 2023, the Justice Department said it had hacked ALPHV and recovered hundreds of decryption keys so victims could get their data back without having to pay a ransom.

However, the move did very little to stop ALPHV, which appeared on a different site days later and announced it would exact revenge, inviting affiliates to break into more vulnerable targets in America.

Chris Krebs, former Head of the U.S. Cybersecurity and Infrastructure Security Agency, said, “If you want permanent, long-lasting impacts, it is going to require taking some of these guys off the playing field. But there’s more guys waiting in the wings.”

Informed American will keep you up to date on any developments in this ongoing story.