There is evidence that the ransomware group behind the Change Healthcare breach, which has caused chaos for hospitals and pharmacies attempting to handle prescriptions, may have received $22 million from UnitedHealth Group.
Security researchers discovered a post on a Russian forum used by cybercriminals, made by someone claiming to be an affiliate of the ALPHV/Blackcat ransomware group. According to the post, Optum, a subsidiary of UnitedHealth Group, paid $22 million to obtain a decryption key and "prevent data leakage" in order to escape the continuing disruption at Change Healthcare, another UnitedHealth subsidiary.
The forum post then links to a Bitcoin wallet that appears to have received 350 bitcoins. Security companies Recorded Future and TRM Labs have also linked the same wallet to ALPHV.
Ironically, the affiliate claims to have been duped out of that $22 million by the administrators of ALPHV. The affiliate continues, saying, "Be careful everyone, and stop dealing with ALPHV." They claim to still have 4TB of data stolen from Change Healthcare.
A representative for UnitedHealth Group stated, "All I can share is that we remain focused on the investigation and recovery of our operations," in response to the alleged Bitcoin payment.
If the payment turns out to be accurate, $22 million would rank among the largest ransomware payments, and it comes with no assurance that any of the stolen data will be erased. The current record holder is a $40 million payout made in 2021 by insurance behemoth CNA.
Additionally, the $22 million might give ransomware groups greater confidence to target the US health industry. Two weeks after the ransomware attack started, "connectivity issues" are still present on the Change Healthcare platform. The disruption has even moved US congressmen to request federal funding to cover the interim costs of prescriptions.
The latest provider group to call for action in response to the disruption brought on by the cyberattack is the American Medical Association.
The American Medical Association has requested that the Biden administration provide emergency funding to doctors impacted by the outage.
The AMA wrote to Health and Human Services Secretary Xavier Becerra that physician practices have been forced to go without revenue for the twelfth day due to the cyber-takedown of Change Healthcare.
The American Medical Association is pleading with Becerra to make use of all the powers at his disposal to guarantee the survival of medical practices and the provision of necessary treatment to patients.
In speaking out about the interruptions to payments and operations brought about by Change's cybersecurity compromise, the AMA joins the AHA and MGMA.
This "is not even a band-aid on the payment problems," the American Hospital Association stated in a letter dated March 4 to Dirk McMahon, president and chief operating officer of UnitedHealth Group, in response to the company's offer of a Temporary Funding Assistance Program to resume hospital payment operations.
In a letter to the Department of Health and Human Services, MGMA requested enforcement discretion, financial resources, and direction to prevent what it described as a worsening of the negative effects on medical groups.