Reuters reports that the ALPHV/BlackCat ransomware operation allegedly targeted major U.S. healthcare revenue and payment cycle management provider Change Healthcare in a cyberattack that has resulted in a nearly week-long prescription processing outage in pharmacies across the U.S.
Such claims from two individuals close to the matter were not yet confirmed by Change Healthcare and parent firm UnitedHealth, as well as the ransomware gang. However, the sources noted that the investigation into the incident is being managed by Mandiant, which the cybersecurity firm has affirmed. Emsisoft threat analyst Brett Callow noted that linking the attack to ALPHV/BlackCat challenges UnitedHealth's claims that a state-backed threat operation had done the intrusion. "I am not aware of any links between ALPHV and a nation-state. As far as I am aware they are financially motivated cybercriminals and nothing more," Callow said. Such a development comes two months after ALPHV/BlackCat had its websites and digital keys seized in an international law enforcement takedown but the ransomware group warned of targeting hospitals and critical infrastructure organizations after retrieving the disrupted infrastructure.