BlackCat Ransomware Outbreak Mauls Change Healthcare, Threatens US Medical Data Security

Buckle up, healthcare heroes and heroines—the ALPHV/BlackCat cybercrime gang is claiming a treasure trove of data from Change Healthcare. But take it with a grain of salt; these digital pirates love to inflate their loot’s legend. Amidst the digital wreckage, UnitedHealth is squinting at the horizon, murmuring, “We’re on it.”

Hot Take:

Well, it looks like the cybercrime fashion trend for Spring 2024 is blackmail chic. The ALPHV/BlackCat gang is strutting down the cyber runway, flaunting their latest collection of stolen data and disrupted healthcare services. Their claims are as inflated as a hot air balloon, but let’s not forget – even a broken clock is right twice a day. So, while we take their boasts with a grain of salt, let’s not sprinkle any on our wounds just yet.

Key Points:

  • ALPHV/BlackCat, the digital Bonnie and Clyde, claims responsibility for the cyberattack on Change Healthcare, affecting pharmacies and hospitals across the US.
  • The group boasts a data heist of over 6TB, but UnitedHealth Group, the parent company, plays it cool with a “we’re looking into it.”
  • More than 70,000 pharmacies that rely on Change Healthcare’s software are popping painkillers over this cyber headache.
  • The ransomware runway models listed Change Healthcare on their leak site, threatening to reveal sensitive data, possibly affecting military members and civilians alike.
  • US federal agencies issue a PSA to the healthcare sector: watch out, ALPHV is hunting for you, and not for a friendly game of tag.

Need to know more?

The Cat's Out of the Bag

Change Healthcare might need to change its name to Change Passwords because ALPHV/BlackCat has pounced. The cybercrime gang has claimed they've snatched more data than a kleptomaniac in a data store. While the UnitedHealth Group spokesperson is more tight-lipped than a clam with lockjaw, somewhere, a cybercriminal is probably swimming in a digital sea of stolen files like Scrooge McDuck.


Imagine walking into your local pharmacy only to find that the prescription system is more backed up than post-holiday traffic. Thanks to this cyberattack, pharmacies are feeling the pain, and not even their own stock of aspirin can make it go away. CVS and Walgreens might be considering a name change to "CV-So-Sorry" and "Wal-griefs" after this debacle.


As if the threat of publicizing sensitive data wasn't enough, the criminals behind the keyboard are hinting at the chaos that could ensue. With personal details of active military members and others on the line, this cyberattack reads like a bad soap opera plot - only, it's real life, and the stakes are as high as the criminals' confidence.

Cybercriminals Never Die, They Just Reboot

After a brief hiatus courtesy of the US government, the DarkSide/BlackMatter spin-off, ALPHV, bounced back like a bad rash. They're targeting the healthcare sector with the enthusiasm of a kid in a candy store, and federal agencies are practically singing from the rooftops, warning hospitals to lock their digital doors and windows.

Prescription for Prevention

The FBI and pals are handing out cybersecurity tips like candy on Halloween. They're urging healthcare facilities to beef up their digital defenses, because, surprise, cybercriminals are more relentless than telemarketers. And the cherry on top? There's chatter that ALPHV might have waltzed through the front door via some bugs that are "embarrassingly easy" to exploit. Maybe it's time for a cybersecurity spring cleaning?

Meanwhile, Change Healthcare is issuing updates with the frequency of a teenager's social media feed, but just like that teen, they're not telling us everything. They assure us that their siblings, Optum and UnitedHealthcare, are safe, but the healthcare IT world is holding its breath. And as for the rest of us? We're just here, munching on popcorn, watching the cyber drama unfold.
