What Happened
Back to: Introduction to CyberSecurity
In 2022, Change Healthcare merged with Optum, a technology company under the umbrella of UnitedHealth Group, and Optum was still in the middle of incorporating Change Healthcare into its own environment. On February 12, 2024, cybercriminals used compromised credentials to remotely access Change Healthcare’s Citrix portal, which lacked multi-factor authentication (MFA). This allowed unauthorized access to sensitive systems and data.
The ALPHV/BlackCat ransomware group took responsibility for the attack.
Who is ALPHV/BlackCat? This group was first observed on November 21, 2021. At the time, the ransomware was called “the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.”
ALPHV operates as Ransomware-as-a-Service (RaaS), which means that fellow threat actors can become affiliates by purchasing access to ALPHV ransomware, infrastructure, and other resources. The affiliates then conduct the actual attacks while ALPHV focuses on support, ransomware development, and business expansion.