Ransomware
ThreatIntelReport / UnitedHealth Group congressional testimony
Primary Source
Incident Details
An affiliate of ALPHV/BlackCat breached Change Healthcare (a UnitedHealth Group subsidiary) on Feb 11 2024 using stolen credentials for a Citrix remote-access portal that lacked MFA. The affiliate spent 9 days in the network before encrypting. UHG paid a $22M ransom; the affiliate withheld the decryptor and sold the data to RansomHub, which extorted UHG again. PHI of ~100 million individuals was exposed. Estimated cost >$1.5B. HHS opened a HIPAA investigation in March 2024. Largest healthcare cyber incident in US history.
Technical Details
- Initial Attack Vector
- CWE-308: Use of Single-Factor Authentication (compromised Citrix remote access lacking MFA)
- Vendor / Product
- Citrix remote access / Change Healthcare claims processing platform
- Malware Family
- ALPHV/BlackCat
Timeline
- 2024-02-11 Breach occurred
- 2024-02-21 Publicly disclosed
- 2024-06-20 Customers notified