- A high-profile ransomware gang is responsible for the outage that has paralyzed US pharmacies, Reuters reported.
- Blackcat is behind the attack on UnitedHealth Group's claims management arm last week, per the report.
- The outage has caused a major backlog in filling customer prescriptions.
A notorious gang of hackers is behind an outage that has disrupted pharmacy deliveries across the country for nearly a week, according to a new report.
The outage at Change Healthcare, the payment management arm of healthcare giant UnitedHealth Group, was caused by a ransomware attack by hackers affiliated with Blackcat, Reuters reported, citing two unnamed sources.
Blackcat, also known as ALPHV, is responsible for several recent high-profile data breaches, according to law enforcement. Last year, hackers affiliated with the gang attacked Reddit, as well as casino operators Caesars Entertainment and MGM Resorts.
International law enforcement targeted the gang in December, managing to seize several websites and digital decryption keys, according to Reuters. Blackcat hackers responded to the crackdown by threatening to extort critical infrastructure providers and hospitals.
Last week's attack on Change Healthcare forced its parent company to disconnect its own systems "to prevent further impact," according to UnitedHealth Group. Those outages have persisted through Tuesday, causing a backlog in prescription insurance claims, according to the American Pharmacists Association.
As a result, pharmacies across the country are experiencing a "significant backlog" for customer prescriptions.
"We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online," Change Healthcare said in a Tuesday update. "We will continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action and disconnect."
A UnitedHealth spokesperson said Tuesday that most pharmacies had already developed workarounds to claim processing that would help them "mitigate impacts" from the outage.
The insurer said it had a "high-level of confidence" that other data systems in its healthcare portfolio were not affected by the breach.
UnitedHealth said in an SEC filing last week that the breach was suspected to be "nation-state-associated." The company declined to comment to BI on whether that is still believed to be the case.
Blackcat has been linked with Russian hackers thought to have orchestrated a ransomware attack on the Colonial Pipeline in 2021, which sparked concerns that the group had the capability to "attack US critical infrastructure."
But experts aren't sure if the group responsible for last week's hack was sponsored by foreign actors. "As far as I am aware, they are financially motivated cybercriminals and nothing more," cybersecurity analyst Brett Callow told Reuters.
UnitedHealth said that cybersecurity firms Mandiant (owned by Google) and Palo Alto Networks would head the investigation into last week's data breach.