Ransomware, MSSP, Breach, Vertical markets

UnitedHealth BlackCat Attack Cost is $872M in Q1

Credit: Adobe Stock Images

UnitedHealth Group said the ransomware hit on its Change Healthcare unit last February cost the company $872 million in the first quarter of 2024.

It’s the first time the company has made any type of public disclosure as to the material impact of the cyberattack. For all of 2024, UnitedHealth expects the full impact of the attack will run to $1.35 billion to $1.6 billion. So far, the clearinghouse said it has funneled some $6 billion in advance funding and loans to healthcare providers affected by the ransomware strike. It has not yet fully recovered from the cyber offensive, officials said.

The ALPHV/BlackCat ransomware crew has been fingered as the perpetrator of the attack. It's not known if BlackCat affiliates carried out the attack. (More on that later.)

A $22 Million Bitcoin Ransom?

According to multiple reports, blockchain data shows the company likely paid a $22 million in bitcoin ransom to the cyber crew behind the incident. If UnitedHealth did pay the ransom, no word has surfaced that it reported the action to the appropriate channels, including the Securities and Exchange Commission (SEC) and the Cybersecurity and Infrastructure Security Agency (CISA).

The earnings filing comes as the cyber crew threatens to offer black market buyers some four terabytes of data it claims to have stolen from the heist, including information belonging to pharmacy chain CVS and Medicare and personal patient information.

There’s an interesting twist to the cyber burglary. ALPHV’s kingpins reportedly pilfered the $22 million from the hacker who was personally involved in the attack on Change Healthcare. That hacker, who still had access to the data stolen from Change Healthcare during the attack, has now allegedly moved it to another gang known as RansomHub, reports said.

Ransomhub told Reuters that an affiliate of BlackCat gave the data to them after the hackers made off with the $22 million in bitcoin. Ransomhub refused to provide any information to solidify its claim. "We will not disclose any information," the hackers told Reuters.

Following the cyber attack, hundreds of physicians and pharmacies complained that UnitedHealth’s inability to restore its systems impaired their businesses, with many saying it cost them significant amounts of money. The attack cascaded to hundreds of pharmacies worldwide and impacted patient care as many doctors and other medical providers struggled with unpaid insurance claims.

AMA Study: Doctors Offices Lost Revenue

Indeed, a new study by the American Medical Association (AMA) found that 80% of physician practices lost revenue from unpaid claims, 85% have had to commit additional staff time and resources to complete revenue cycle tasks. Also, 51% have lost revenue from the inability to charge patient co-pays or remaining obligations. More than half of the 1,400 respondents said they had to use personal funds to cover practice expenses.

“The disruption caused by this cyber-attack is causing tremendous financial strain,” said AMA President Jesse Ehrenfeld. “These survey data show, in stark terms, that practices will close because of this incident, and patients will lose access to their physicians.”

For UnitedHealth, the attack forced it to spend significant amounts of time and money to repair the damage. UnitedHealth chief executive Andrew Witty said in a statement accompanying its first quarter earnings report that the company “continues to make significant progress” to restore the affected systems and services.

In an SEC Q1 filing, the health insurance and medical care services business reported a $1.4 billion quarterly loss across its portfolio that includes its Change Healthcare and Optum pharmacy businesses.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.

Related Terms

Attack Vector

You can skip this ad in 5 seconds