About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 1 (April 24, 2024)

handle is hein.crs/govepke0001 and id is 1 raw text is: The Change Healthcare Cyberattack and Response Considerations for Policymakers Updated April 24, 2024 On February 21, 2024, UnitedHealth Group Incorporated disclosed that one of its companies' units- Change Healthcare-was experiencing a cyberattack. The BlackCat/ALPHV ransomware group-a Russia-linked cybercrime organization-claimed responsibility. Repercussions from this cyberattack are reportedly affecting some individuals' ability to access health care services nationwide. Attack Background In December 2023, the Department of Justice (DOJ) announced that it disrupted the operations of the BlackCat/ALPHV/Noberus ransomware group. The government developed a tool to help victims decrypt and regain control of their systems-saving them from paying an estimated $68 million in ransom payments. The Federal Bureau of Investigation (FBI) also disrupted BlackCat's infrastructure by infiltrating its systems and seizing websites. The Cybersecurity and Infrastructure Security Agency (CISA) worked with other federal agencies to update a ransomware advisory with technical indicators of compromise as well as mitigation strategies. Following the FBI's campaign, BlackCat declared that it would retaliate against the United States by targeting health care providers with ransomware. In the subsequent two months, BlackCat was able to reconstitute its infrastructure and compromise Change Healthcare. Change Healthcare facilitates transactions in the health care system (e.g., ensuring pharmacies receive payment from insurers for medications). BlackCat allegedly used stolen credentials to gain access to Change Healthcare's systems and deploy ransomware while also exfiltrating data. Upon discovery, Change Healthcare disconnected the affected system and took other systems offline to stem the ransomware's spread. The disruption of these networks has led to a cascade of real-world consequences across the nation, with individuals unable to leverage their insurance coverage for prescriptions and cash flow issues for pharmacies as payments were frozen. This ransomware attack bears similarities to the 2021 attack against Colonial Pipeline. Both attacks began with ransomware, led the victim to disconnect systems thereby causing operational disruptions, which resulted in physical consequences. Congressional Research Service https://crsreports.congress.gov IN12330 CRS INSIGHT Prepared for Members and Committees of Congress

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most