Massive cyberattack hits U.S. Big Pharma leaving tens of thousands of prescriptions unfilled
By bellecarter // 2024-02-28
 
Tens of thousands of pharmacies across the United States were not able to fill prescriptions for nearly a week because of a cyberattack on a unit affiliated with America's biggest health insurer, UnitedHealth Group (UHG). According to the health insurance company, the hack, which began on Wednesday, Feb. 21, is suspected to be a "state-sponsored attack." The attack on Change Healthcare, a division of United's Optum, appeared to be by a foreign country, according to two senior federal law enforcement officials.

UHG said in a federal filing that it had been forced to disconnect some of Change's digital network from its clients and, as of Monday, had not been able to restore all of those services. It was unclear how many patients were affected, but United covers 7.7 million customers nationwide. According to federal records, the disruption has been widespread, including for U.S. military overseas. Healthcare data, especially patients' personal information, including their private medical records, was left vulnerable. Hundreds of breaches at hospitals, health plans and doctors' offices are being investigated as well.

Pharmacies were hit because Change acts as a digital intermediary to help them verify a patient's insurance coverage for their prescriptions, and some reports indicate that people have been forced to pay in cash. After it found out about the hack, the company shut down several services, including those allowing pharmacies to quickly check what a patient owes for a medication. Some hospitals and physician groups that rely on Change for billing to get paid may also be affected.

The incident coincided with a nationwide cell outage at AT&T back on Thursday, which left more than 70,000 customers without cell service. There is no evidence that the two events are related, but the Federal Bureau of Investigation (FBI) and Homeland Security are already investigating the latter.
CVS Health, which has more than 9,000 pharmacies, said that the hack meant that, in certain cases, it was unable to process insurance claims. "We're committed to ensuring access to care as we navigate through this interruption," the company's statement said. Meanwhile, Walgreens said a small percentage of its prescriptions may be affected, but that the company had safeguards in place to process and fill them "with minimal delay or interruption."

Publix Super Markets posted on social media that some users complained of issues when trying to fill their prescriptions. "This is a nationwide disruption," Publix said in a response to one inquiry on X, formerly known as Twitter.

Other companies, including GoodRx and BlueCross BlueShield of Montana, also flagged potential disruptions. "We apologize for any outages you have been experiencing while at the pharmacy," GoodRx wrote on X. "Unfortunately, the issue is an external one impacting both GoodRx and a multitude of providers."

Meanwhile, Naval Hospital Camp Pendleton wrote on X: "Due to an ongoing enterprise-wide issue, all Camp Pendleton and associated pharmacies are unable to process any prescription claims. We are only able to assist patients with emergency and urgent prescriptions from hospital providers at this time."

Independent pharmacies also reported issues. "Please be patient with us and all of the pharmacies affected by this," Dayton Drug and Wellness, a community pharmacy in Dayton, Tennessee, wrote on its Facebook page. "There have been/will be delays until this resolves," Skippack Pharmacy in Skippack, Pennsylvania, said in another message posted to the same platform. "Pharmacies around the country are affected. There have been/will be delays until this resolves."

Experts: The BlackCat ransomware group caused the outage

Tech website TechCrunch reported that the cyberattack that kept hospitals and pharmacies from filling prescriptions for days was caused by the BlackCat ransomware group. A healthcare executive with knowledge of the incident, who was on the call, was briefed by the company's executives. Meanwhile, Reuters was the first to report the news linking the cyberattack to the ransomware, citing two people familiar with the incident. BlackCat, also often referred to as ALPHV, has not yet publicly claimed responsibility for the cyberattack, according to the news outlet.

Ransomware attacks typically scramble a victim's files and demand a ransom to receive the decryption key. Newer cyberattacks often involve cybercriminals stealing a victim's data before encrypting it. Ransomware and extortion gangs typically publish portions of a victim's stolen data to extort a ransom.

The accuracy of UHG's cyberattack attribution remains unclear, as cybersecurity researchers have not previously linked the BlackCat gang to a nation-state or government.

Sources for this article include:

DailyMail.co.uk NYTimes.com TechCrunch.com