By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post
Could your business keep going if key services suddenly were offline, and if you were unable to get paid for your services? That would likely be problematic, right?
This is the situation faced by doctors across the nation after Optum’s Change Healthcare suffered a ransomware attack, causing them to shut down their networks on Feb. 21, 2024.
Change Healthcare is owned by UnitedHealth Group, the biggest healthcare company in the US. Change Healthcare provides payment processing, allows for checking of patient benefits, and manages patient medical records.
The attack has essentially ground much of the US Healthcare system to a halt as hospitals, doctors and pharmacies are unable to verify patient eligibility, unable to access medical records, and unable to receive payments.
According to reports, the attack appears to have been perpetrated by Russia based cyber gang ALPHV/Blackcat. March 1, security researchers noted that a $22 million amount was paid to a bitcoin wallet known to be owned by the gang.

That said, all is not well in cyber crime land … the affiliate claiming to be the one who actually executed the attack has been posting in forums on the dark web that he was not paid his share of the ransom, and the gang has been unresponsive to his requests for payment. It is unclear if this is part of an exit scam by the gang to make off with a huge payday, or an FBI takedown, or something else. Change Healthcare has not commented on the alleged ransom payment, stating that they are continuing to work on investigation and recovery.
Health care execs have been sounding the alarm for weeks about the huge strain this is putting on the healthcare sector. The Medical Group Management Association, which represents 15,000 medical practices, has warned of “devastating” financial effects from the cyber attack and of “significant cash flow problems” facing the healthcare sector. In addition, the ransomware attack has “had a severe ongoing impact on cancer practices and their patients,” the nonprofit Community Oncology Alliance said in a statement this week. Many doctors and hospitals operate on very slim margins, making weeks without payments from a major payor problematic.
Change Healthcare announced plans for a temporary loan program to get money flowing to health care providers affected by the service outage.
The US Department of Health and Human Services also released a statement about the attack, here. They are hoping to help accelerate payments to providers affected by this cyber attack.
What does this mean for you? Other than the potential loss of medical services while systems are down, anyone covered by UnitedHealth Group is likely to be receiving notifications that their data has been lost in a data breach. Usually ransom payments are meant to prevent hackers from leaking stolen data, but payment is never a guarantee that your stolen data will actually be kept safe. UHC members should keep an eye out for notifications about a breach, and watch their credit reports for any odd activity.
If possible, it is always worthwhile to pay for identity theft coverage, such as LifeLock offered by Norton, or other providers, to help lessen the blow of these data breaches. Workplaces often will offer identity theft protection as a benefit to their employees.
Investigations are still in process, and services to patients and providers are still very much affected. Keep an eye on the news, as this is a developing story.
Stay safe online, and always remember that no matter how much you safeguard your data, that’s no guarantee everyone else with access to it is able to protect it.
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.


































