The Download
The BlackCat/ALPHV ransomware group, infamous for targeting healthcare systems, has claimed responsibility for the attack on Change Healthcare, a division of UnitedHealth Group. You may not know Change Healthcare, but it is a critical component in most healthcare payments. Its payment exchange platform is used by over 70,000 pharmacies, and its partners include the US Military Tricare healthcare system, Federal Medicare health insurance, and CVS Caremark, among other large healthcare systems. Company officials acknowledged the breach in the mandatory SEC disclosure on Feb 21st, and the incident has continued for more than 9 days as the company attempts to bring systems back online.
What To Do
The FBI, CISA, and HHS have warned companies in the healthcare sector to stay vigilant against more ransomware attacks by BlackCat and other ransomware gangs. Healthcare sector companies make attractive targets both because of their ability to pay and because patient safety requires them to stay online and available.
Federal investigators have published indicators of compromise that link BlackCat's attack vectors to a severe vulnerability in ConnectWise ScreenConnect. You should ensure your network and network services provider have adequately scanned for and patched any residual vulnerabilities in ScreenConnect and other internet-facing services.
For further reading: