Hackers in Change Healthcare Attack Demand $22M Ransom
Healthcare IT April 22, 2024 7 min read

Hackers in Change Healthcare Attack Demand $22M Ransom

Richard Madden
CTO, EZETech

The ransomware attack on Change Healthcare — one of the largest healthcare payment processors in the United States — sent shockwaves through the industry. The ALPHV/BlackCat ransomware group reportedly received a $22 million ransom payment, making it one of the largest healthcare ransomware payouts in history. The attack disrupted insurance claim processing for thousands of hospitals, pharmacies, and medical providers across the country.

What Happened in the Change Healthcare Attack?

In February 2024, Change Healthcare — a subsidiary of UnitedHealth Group — was hit with a devastating ransomware attack. The attackers gained access through compromised credentials on a Citrix remote access portal that lacked multi-factor authentication. Once inside, they exfiltrated terabytes of sensitive patient data and deployed ransomware that encrypted critical systems.

  • 9 months of disruption to healthcare billing and claims processing
  • Over 100 million patient records potentially exposed
  • $22 million ransom reportedly paid to ALPHV/BlackCat
  • Billions of dollars in losses for healthcare providers cut off from payments
  • The incident triggered a congressional investigation into healthcare cybersecurity

What This Means for Healthcare Organizations

This attack is a stark reminder that healthcare organizations of all sizes are prime targets for ransomware. Attackers know that hospitals, clinics, and medical billing companies cannot afford extended downtime — making them more likely to pay. The Change Healthcare incident highlights several critical vulnerabilities that many healthcare organizations share.

⚡ Critical Finding: The attackers gained initial access through a remote access portal WITHOUT multi-factor authentication. This is one of the most preventable attack vectors in cybersecurity. If your organization still has any remote access systems without MFA enabled, this is your urgent wake-up call.

How to Protect Your Healthcare Organization

  • Enable multi-factor authentication on ALL remote access systems immediately.
  • Segment your network — prevent attackers from moving laterally between systems.
  • Maintain offline, tested backups that cannot be encrypted by ransomware.
  • Conduct regular vulnerability assessments and penetration testing.
  • Implement a HIPAA-compliant incident response plan.
  • Train staff to recognize phishing — the #1 initial access vector.
  • Vet and monitor all third-party vendors with access to your systems.

"The Change Healthcare attack demonstrates that healthcare cybersecurity is not just a compliance checkbox — it is a patient safety issue. System downtime can delay care, endanger lives, and destroy organizations."

HealthcareRansomwareHIPAACybersecurityData Breach

Need Expert IT Guidance?

The EZETech team is ready to help secure and optimize your business technology. Schedule a free consultation today.