Dive Brief:
- UnitedHealth Group said it identified the source of the intrusion into Change Healthcare’s system, which remains partially non-operational following a cyberattack that’s impaired services nationwide.
- “A thorough forensic analysis is well underway,” the company said in a Wednesday update. “Through this analysis, we have identified the source of the intrusion and, with high confidence, have established a safe restore point. This point allows us to move forward safely and securely in restoring our data and systems.”
- A spokesperson for UnitedHealth Group declined to identify the attack vector. Mandiant and Palo Alto Networks continue to assist with the forensic analysis of the attack, and UnitedHealth Group said it will share more details in the coming days.
Dive Insight:
The industrywide devastation the cyberattack caused underscores how threat actors can cause significant damage by hitting a relatively obscure vendor that plays a prominent operational role behind the scenes.
By targeting a vital financial and claims processing link in a heavily interconnected sector, the AlphV ransomware group impeded core operations of the critical infrastructure of U.S. healthcare services.
The outage and cascading impacts caused by the cyberattack against the healthcare IT platform stretched into the start of its fourth week Thursday. UnitedHealth Group said it detected unauthorized activity on its systems Feb. 21.
A phased reconnection and testing of Change’s claims systems is slated for completion next week.
The U.S. Department of Health and Human Services opened an investigation into the attack Wednesday to determine if protected health information was stolen and if Change complied with privacy and security requirements.