Healthcare Havoc: BlackCat Ransomware Bites UnitedHealth’s Optum and Sparks Billing Bedlam

Healthcare billing chaos ensues as the notorious BlackCat ransomware claws into Change Healthcare, leaving UnitedHealth’s subsidiary Optum to pick up the cyber-shambles. Watch out for more updates—or bills in morse code.

Hot Take:

It looks like the BlackCat ransomware gang decided to sink their claws into the healthcare honeypot, leaving Change Healthcare with a bitter pill to swallow. While the cyber-kittens behind BlackCat are typically in it for the cheddar, whispers of “nation-state” make this hack sound like an episode of “Cyber Spooks.” Healthcare billing in chaos, secret Zoom briefings, and a high-stakes game of virtual hide-and-seek? Someone, cue the dramatic soundtrack!

Key Points:

  • UnitedHealth Group’s Optum hit by a cyberattack, with the BlackCat ransomware group named as the party pooper.
  • Change Healthcare, a key payment exchange platform, experiences a grand ‘ol outage, putting billing systems in a tizzy.
  • Nation-state hackers suspected, but the BlackCat hasn’t officially scratched its name on this one… yet.
  • Optum’s staying mum on system impact, while forensic experts play detective with the tech equivalent of a magnifying glass.
  • The FBI has BlackCat on their most-wanted list, with a juicy bounty for anyone who can lead them to the cyber feline’s lair.
Title: Authentication bypass using an alternate path or channel
Cve id: CVE-2024-1709
Cve state: PUBLISHED
Cve assigner short name: cisa-cg
Cve date updated: 02/21/2024
Cve description: ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Need to know more?

When the Cat's Away, the Hackers Will Play

Change Healthcare, not exactly living up to its name, has been a bit static since the cyber shenanigans began. The outage is causing quite the headache, with healthcare entities scrambling like they lost their stethoscope. Optum assures the world that its other systems are as clean as a hospital ward, but the jury's still out.

Ransomware, but Make It Fashion

Our dear friends at BleepingComputer have had their ear to the ground, picking up the juicy tidbit that a certain auth bypass flaw may have been the hackers' golden ticket. While the BlackCat gang hasn't taken a bow for their performance, the lack of a ransom note suggests they're still backstage, prepping for their big finale.

From DarkSide to Dark Wallets

BlackCat, much like a college student during finals week, seems to have pulled an all-nighter rebranding from DarkSide to BlackMatter, and now to ALPHV. Even after the FBI played whack-a-mole with their online presence, they're back with a vengeance and a shiny new leak site. Talk about having nine lives!

A Cyber Bounty Hunter's Dream

To add some extra zest, there's a hefty bounty for those who can snitch on the BlackCat bosses – up to $10 million! So, if you've got the scoop, you might just be able to retire early. Maybe buy an island, adopt some actual cats, and reminisce about the time you helped take down a cybercrime syndicate.

Tags: BlackCat Ransomware Group, Change Healthcare Outage, Healthcare Data Security, Healthcare IT Breach, nation-state hackers, Optum Cyberattack, Payment Exchange Disruption