The recent ransomware attack on Change Healthcare and UnitedHealth Group by the BlackCat ransomware gang has caused significant disruptions in the US healthcare sector.


The attack involved stealing patient data [9], encrypting company files [9], and demanding a $22 million ransom [4]. This led to delays in prescription processing, challenges in patient care, and disruptions in claims and payments for pharmacies and hospitals [7]. The US Department of Health and Human Services (HHS) is investigating the incident to determine if protected health information was breached and if HIPAA compliance was met. The Office for Civil Rights (OCR) is leading the investigation due to the unprecedented magnitude of the attack [2], with OCR Director Melanie Fontes Rainer stressing the importance of protecting patient and provider interests [3]. The American Hospital Association (AHA) has labeled this attack as the most significant in US healthcare history, with providers facing difficulties in providing patient care, filling prescriptions [2] [7] [9], submitting insurance claims [2], and receiving payment for services [2]. Ransomware and hacking are identified as primary cyber-threats to the healthcare industry [6], with a significant increase in large breaches involving hacking and ransomware over the past five years [6]. UnitedHealth Group has confirmed that the ransomware group BlackCat was responsible for the attack [6]. Systems are expected to start coming back online in mid-March [6], with UnitedHealth Group cooperating with the OCR investigation and working to restore systems and protect data [6] [9]. Federal civil rights investigators are looking into whether protected health information was exposed in the attack on Change Healthcare [5] [8], with the Office for Civil Rights examining whether laws protecting patient privacy were followed. Change Healthcare provides technology used to submit and process insurance claims [5], handling about 14 billion transactions a year [5]. The investigation was prompted by the unprecedented magnitude of the attack [2] [5], according to OCR Director Melanie Fontes Rainer. UnitedHealth Group [1] [5] [7] [9], the owner of Change Healthcare [5], stated that it would cooperate with the investigation and is working with law enforcement to assess the extent of the attack [5]. Attackers gained access to some of Change Healthcare’s information technology systems last month [5], causing disruptions in billing and care-authorization systems nationwide [5]. The American Hospital Association reported delays in patient care [5], including issues with prescriptions [5], claims processing [5] [7] [8], billing [2] [5] [8], and insurance coverage verification [5]. Change Healthcare announced that its major pharmacy and payment systems are back online [5], with plans to restore connections to its claims network and software by March 18 [5]. Cybersecurity experts note a significant increase in ransomware attacks in the healthcare sector in recent years [5]. Federal officials are investigating the Change Healthcare cyberattack [1] [4] [6], including its parent company [1] [9], UnitedHealth Group [1] [5] [7] [9], for potential violations of HIPAA [1]. The Office of Civil Rights is looking into the incident [1], which has caused widespread disruption to hospitals and healthcare providers nationwide [1], posing a direct threat to patient care [1]. UnitedHealth Group is working on restoring connectivity to the medical claims network after being targeted by the ransomware group known as “Blackcat” [1]. The health department is accelerating Medicare payments to healthcare providers and urging payers to advance payments and relax deadlines for claims and appeals [1].


The ransomware attack on Change Healthcare and UnitedHealth Group has had significant impacts on the US healthcare sector, leading to disruptions in patient care, billing processes, and insurance claims [2] [5] [8]. Moving forward, it is crucial for healthcare organizations to enhance their cybersecurity measures to prevent future attacks and protect patient data. The investigation by federal authorities highlights the importance of compliance with HIPAA regulations and the need for swift action to address cybersecurity threats in the healthcare industry.