A ransomware attack impacting Change Healthcare, one of the largest healthcare technology companies in the US, showcases the cascading impacts of a cyberattack. The incident, which occurred on February 21, crippled pharmacies across the nation, including military pharmacies, CVS Health, and Walgreens, causing a significant backlog of unprocessed prescriptions. The pharmacies implemented workarounds to continue to serve patients, though some patients are being asked to pay full price for medications until claims can be processed. In addition, hospitals unable to process claims may be losing millions of dollars per day while Change Healthcare works to recover from the cyberattack. The cyber threat actors behind the attack – ALPHV/BlackCat affiliates – are alleged to have stolen sensitive personal health information (PHI) regarding patients and customers, and threatened to disclose this information if they were not paid the ransom demand. On March 5, a payment of $22 million was made to the ALPHV/BlackCat operators. It is assumed that Change Healthcare initiated this transaction.

The NJCCIC recommends reviewing the recent Cyber Threat Highlight “The Current Threat Landscape of Healthcare” for information on recent targeting of the Healthcare and Public Health sector and mitigation strategies to help reduce cyber risk. Additionally, the This is Security post “Supply Chain Security ” and Cyber Threat Highlight “Supply Chain: Risks to Users and Organizations Continue” provide users with information on the risks associated with the supply chain and potential cascading impacts of cyberattacks.