UnitedHealth Group paid $22 million to regain access to its data and systems encrypted by the Blackcat ransomware gang, according to a post on a hacker forum.
UnitedHealth refused to answer when asked whether the company paid the ransom and instead said it’s now “focused on the investigation and the recovery.” Blackcat has, similarly, neither confirmed nor denied the claims made in the post.
The forum where the post was uploaded is known to be highly popular among cybercriminals. The post was discovered by two researchers who reported on it earlier this week.
The forum post from Sunday linked UnitedHealth’s security breach to an associate of the Blackcat group. The post, allegedly from this associate, featured a link that showed a transfer of about 350 bitcoins, now valued at around $23 million because of the rising cryptocurrency value, moving from one digital wallet to another.
The owners of the digital wallets involved are not publicly known. Nevertheless, TRM Labs, a company specializing in blockchain analysis, reported that the wallet receiving the funds is connected to “AlphV,” also known as Blackcat. This connection was made based on observations of the same wallet address being used to collect ransom payments from several other victims of AlphV.
News of the hack first came late last month when UnitedHealth Group’s subsidiary, Change Healthcare, announced it had suffered a cyberattack that hindered its operations. The company, responsible for processing 15 billion health-related transactions annually, serves as a digital intermediary facilitating transactions between healthcare providers like doctors and hospitals, and insurers covering medical expenses and approving services.
The aftermath of the hack has seen disruptions in billing processes and prescription services for doctors, hospitals, and patients alike.
This has prompted US health authorities to call on insurance companies to implement measures to alleviate the digital congestion. HHS said it expected UnitedHealth to do “everything in its power to ensure continuity of operations.”