What the Blackcat Hack on UnitedHealth Group Exposed

How did the Blackcat hack impact the US healthcare system? What vulnerabilities did it expose? How did UnitedHealth Group and the federal government respond to the breach?

A February cyberattack on Change Healthcare severely disrupted the healthcare system’s operation and exposed its vulnerability to cyber threats. The attack highlighted the sector’s systemic weaknesses, including outdated technology, a lack of dedicated cybersecurity staff, and inadequate emergency protocols.

Below we’ll look at the cyberattack, what happened in the wake of the attack, and what can be done to prevent it from happening again.

The UnitedHealth Breach

In one of the biggest cyberattacks in the US healthcare system’s history, UnitedHealth Group became a high-profile target in February, causing a crippling ripple effect throughout the system. The breach put hospitals, providers, and patients under significant financial stress and underscored gaping holes in healthcare cybersecurity.

What Happened 

On February 21, a Russian-speaking ransomware group, Blackcat, hacked Change Healthcare—a subsidiary of UnitedHealth Group (UHG) that handles roughly 50% of the country’s medical claims. Blackcat says they seized over six terabytes of data, including “sensitive” medical records. A suspected ransom payment of $22 million traced back to a Bitcoin address linked to the hackers.

The attack upended hospitals’ and pharmacies’ ability to process payments and prescriptions. The situation is particularly dire for independent healthcare providers, some of whom have had to borrow money to cover expenses and meet employee payrolls. The breach also forced many patients to pay for lifesaving prescriptions out-of-pocket.

Vulnerabilities Exposed 

Experts say the attack exposes the vulnerabilities of the healthcare sector to cyber threats. Weaknesses in the system stem from factors including:

• A lack of dedicated cybersecurity staff.
• Outdated medical equipment and technology.
• Healthcare consolidations—including UHG’s acquisition of the nation’s largest claims processing body—which create large-scale targets for cybercriminals, risk exposing vast amounts of patient data and financial systems, and present a serious national security threat.
• Inadequate backup systems and emergency strategies.

Experts warn that the attack also reveals the US government’s lack of appropriate emergency protocols and cybersecurity provisions for private organizations performing public services.

Industry and Federal Response

In response to the Blackcat cyberattack, UHG and the Department of Health and Human Services (HHS) took the following steps: 

UHG:

• Began testing and reconnecting systems to enable hospitals and doctors to submit insurance claims so payments could start flowing again.
• Offered advances on payments to hospitals and doctors based on pre-attack billing amounts to provide immediate financial relief.
• Relaxed prior-authorization requirements for its Medicare Advantage policies until the end of March to make it easier for providers to receive payment for care.

HHS:

• Advanced Medicare and Medicaid payments to hospitals.
• Urged private insurers to take similar action and relax or waive prior-authorization rules that complicate payment processes for providers.
• Recommended that providers switch from Change Healthcare to alternative vendors who could handle their claims. 
• Launched an investigation into the cyberattack. The investigation will focus on identifying the scope of the potential breach and assessing whether UnitedHealth and its Change Healthcare unit complied with federal law. UnitedHealth says it welcomes the inquiry. 

Critical Response to UHG and HHS Actions

Many health care providers feel that the responses from the Health and Human Services Department (HHS) and UnitedHealth Group (UHG) to the cyberattack have been insufficient. Their primary concerns revolve around the following points:

• The advance of Medicare payments primarily benefits hospitals rather than smaller, independent practices.
• Switching from Change Healthcare to other vendors is unrealistic—particularly for providers using Change’s claims processing tool or who can’t afford a break in cash flow during a potentially protracted changeover process.
• UHG and HHS’s financial relief programs don’t adequately address their needs.
• Providers lack critical information about the breach.

Looking Ahead 

Experts say the cyberattack on UnitedHealth Group underscores the pressing need for stricter regulations and substantial federal support to bolster cybersecurity in the healthcare industry. They further assert that to prevent future attacks the sector must prioritize cybersecurity, allocating more resources to protect against rising threats, hiring dedicated IT security teams, strictly following security protocols, and safeguarding patient data.

Want to fast-track your learning? With Shortform, you’ll gain insights you won't find anywhere else .

Here's what you’ll get when you sign up for Shortform :

• Complicated ideas explained in simple and concise ways
• Smart analysis that connects what you’re reading to other key concepts
• Writing with zero fluff because we know how important your time is

Start your free trial today!