Change Healthcare registers pulse after crippling ransomware attack

Remaining services are expected to return in the coming weeks after $22M ALPHV ransom

Change Healthcare has taken the first steps toward a full recovery from the ransomware attack in February by bringing its electronic prescription services back online.

The Tennessee-based healthcare tech biz said on Thursday it had started to make the Rx Connect, Rx Edit, and Rx Assist services live again, and that "electronic prescribing is now fully functional with claim submission and payment transmission also available as of today."

The first step towards a full restoration of systems will be welcome news to the US healthcare system after thousands of hospitals and pharmacies reported severe disruptions following the attack in late February.

UnitedHealth Group, which owns the Change Healthcare IT services biz and is the largest healthcare provider in the US, confirmed that other systems are expected to return in the coming weeks.

Electronic payments are pegged to return from March 15 onwards, while systems responsible for managing medical claims will start coming back online in the week beginning March 18, providing all tests and checks slated to start that week go according to plan.

"We are committed to providing relief for people affected by this malicious attack on the US health system," said Andrew Witty, CEO at UnitedHealth Group, in a statement.

"All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications. We're determined to make this right as fast as possible."

Cash issues for doctors and pharmacies

The electronic payment system outages have been felt across the sector, with hospitals, doctors, and pharmacies reporting cash flow issues – a problem that has seen the US government step in this week to address it.

The Department of Health and Human Services (HHS) relaxed rules around Medicare on Tuesday, allowing affected stakeholders to claim advance funding in order to keep providing medical care.

"Numerous hospitals, doctors, pharmacies, and other stakeholders have highlighted potential cash flow concerns to HHS stemming from an inability to submit claims and receive payments," the department said. "HHS has heard these concerns and is taking direct action and working to support the important needs of the healthcare community."

UnitedHealth Group also introduced a new iEDI claim submission system which it recommends for use by clients as a workaround until the usual systems are back up and running.

ALPHV's last hoorah

It seems likely that Change will be the ALPHV/BlackCat ransomware gang's last scalp before it goes into hiding for who knows how long.

The group claimed responsibility for the attack shortly after the widespread disruptions started to hit the news. It posted Change to its dark web leak blog, claiming it stole circa 6TB of sensitive data from the IT firm's systems.

We know that Change was in contact with the criminals to some degree, and that its Bitcoin wallets were credited with around $22 million worth of the token, but it's not clear whether this was a payment directly related to the incident at Change.

In recent days, previously held suspicions of ALPHV closing down have become increasingly solidified as an exit scam seems more likely. 

Last week, ALPHV's last remaining website displayed an FBI seizure splash page identical to the one on the site the FBI actually took control of at an earlier date.

Code nerds poked around the HTML to find that the image appeared to be a simple screenshot taken from the other site and uploaded by the admin to make it seem like the feds had actually taken control. In reality, it appears highly likely that this was a ruse to hide an exit scam – taking affiliates' payments and hiding underground.

Following the subsequent shuttering of its infrastructure, the gang took to hacker forums to explain that law enforcement efforts were the reason for the project closing.

El Reg spoke to the UK's National Crime Agency and Europol, two agencies involved in the initial efforts to bring down ALPHV in December, and both denied any involvement in the recent shutdown. The FBI, which led the operation, did not respond. ®
