A recent post on a hacker forum has brought to light a shocking claim that UnitedHealth Group paid a hefty $22 million ransom to regain access to its encrypted data and systems. The ransom was allegedly demanded by the notorious cybercriminal group known as Blackcat. However, neither UnitedHealth nor the hackers involved have officially confirmed or denied the ransom payment.
It is not uncommon for large companies facing ransomware attacks to opt for paying the hackers to restore control over their networks, especially when the disruption caused by the attack is significant. In this particular case, the forum post stated that a partner of Blackcat was responsible for infiltrating UnitedHealth’s systems. The post included evidence showing a transfer of around 350 bitcoins, which is currently valued at approximately $23 million, from one digital wallet to another.
While the identities of the wallet owners remain undisclosed to the public, TRM Labs, a blockchain analysis firm, revealed that the destination of the funds was linked to AlphV, also known as Blackcat. This address has been used in the past to collect ransom payments from other victims of the same cybercriminal group.
When approached for comment on the alleged ransom payment, UnitedHealth stated that their focus is on the investigation and recovery process. On the other hand, Blackcat has remained silent despite repeated attempts by Reuters to reach out to them. The cybercrime forum where the initial post was made is inaccessible, but screenshots shared by researchers like Recorded Future’s Dmitry Smilyanets have provided some insight into the situation.
The breach at UnitedHealth’s Change Healthcare unit has caused widespread disruption within the United States, with Blackcat claiming to have accessed and stolen sensitive records. The aftermath of the hack has left Change Healthcare’s billing services inoperable, leading to further complications for the U.S. medical system. The American Medical Association has urged the Biden administration to provide emergency funds to support physicians impacted by the outage.
As investigations into the ransom payment and cyberattack continue, the healthcare industry remains on high alert for potential security threats. The incident serves as a stark reminder of the growing challenges posed by cybercriminals and the importance of robust cybersecurity measures to protect sensitive data and systems.