Ransomware Attack Disrupts Health Care Payment Systems Across the US, UnitedHealth Group Points Finger at Black Cat
ICARO Media Group
In a major blow to the health care industry, a ransomware attack orchestrated by the notorious cybercriminal gang known as Black Cat, or AlphV, has wreaked havoc on pharmacies and hospitals nationwide. UnitedHealth Group, one of the largest health insurance companies, has accused Black Cat of hacking its health care payment systems, leading to a disruption in services and impacting patients seeking medical treatment.
Last week, UnitedHealth Group disclosed a "cybersecurity issue" affecting its subsidiary, Optum, which resulted in the shutdown of its digital health care payment platform, Change Healthcare. This forced hospitals, pharmacies, and other health care providers to either lose access to the platform or sever connections to prevent further intrusion by the hackers.
The outage has had a significant impact, with UnitedHealth estimating that over 90% of the 70,000 pharmacies in the US have had to alter their electronic claims process. UnitedHealth Group has created a dedicated website to address the ongoing outage and assure customers that alternative methods are in place to ensure access to medications. However, the company has cautioned that the disruption may last several weeks.
After enlisting the help of external cybersecurity firms, including Mandiant and Palo Alto Networks, UnitedHealth Group has concluded that Black Cat, or AlphV, is responsible for the breach. This determination is supported by Black Cat's initial claim of credit on its dark web leak site, though the post has since been removed.
The involvement of Black Cat as the ransomware gang behind the attack is somewhat surprising, given that just a few months ago, the FBI successfully infiltrated the group's internal servers and gained control of its websites. The US government celebrated this operation, which involved collaboration with multiple foreign governments. However, the health care breach demonstrates the persistent and resilient nature of cybercriminal groups, particularly when they are located in countries where law enforcement is lax about prosecuting these crimes.
While researchers have not definitively attributed Black Cat to Russia or its government, analysis suggests that the group is Russian-speaking. US intelligence officials have previously acknowledged Russia's tendency to turn a blind eye to cybercrime in exchange for the hackers' cooperation in intelligence operations, particularly during times of conflict such as the war in Ukraine.
In addition to the health care breach, Black Cat also recently claimed to have stolen classified documents and sensitive personal data about Department of Defense employees from US federal contractors, further highlighting the group's audacity and reach.
The ongoing ransomware attack has raised concerns about the vulnerability of critical infrastructure and the need for stronger cybersecurity measures within the health care industry. Authorities and cybersecurity experts are working diligently to investigate and respond to the attack, but the road to full recovery is expected to be challenging.