20 August, 2024 - Verge
Earlier this year, UnitedHealth-owned health tech company Change Healthcare experienced one of the largest data breaches in U.S. history. The ransomware attack exposed sensitive health and personal information of millions of Americans. Here’s a detailed timeline of the events:
On an otherwise ordinary Wednesday afternoon, billing systems at doctors' offices and healthcare practices suddenly stopped working, and insurance claims ceased processing. Change Healthcare's status page was inundated with outage notifications affecting every part of its business. Later that day, the company confirmed it was experiencing a network interruption due to a cybersecurity issue.
It was later determined that hackers had initially breached Change Healthcare's systems over a week earlier, on or around February 12. In response to the intrusion, the company invoked its security protocols and shut down its entire network to isolate the intruders, leading to widespread outages across the healthcare sector.
Initially, the intrusion was incorrectly attributed to hackers working for a government or nation-state. However, on February 29, UnitedHealth confirmed that the cyberattack was the work of a ransomware gang known as ALPHV/BlackCat, a Russian-speaking ransomware-as-a-service group. Its affiliates break into victim networks and deploy malware developed by ALPHV/BlackCat's leaders, who take a cut of the profits from the ransoms collected.
The attack caused significant disruption, as Change Healthcare processes billing and insurance for hundreds of thousands of hospitals, pharmacies, and medical practices across the U.S. healthcare sector. The breach affected a substantial proportion of the U.S. population, with millions receiving notices that their personal and health information had been stolen.
This incident underscores the severe impact of ransomware attacks on critical infrastructure and the importance of robust cybersecurity measures. The breach at Change Healthcare serves as a stark reminder of the vulnerabilities in handling sensitive healthcare data and the need for continuous vigilance and improvement in security protocols.