Download Our DHN Survey Result 2024
Realize your Healthcare’s Digital Transformation journey with ScaleHealthTech Learn More

Change Healthcare Systems Paid $22 Mn Ransom to Hackers’ Group ‘BlackCat’

Written by : Arti Ghargi

March 6, 2024

Category Img

A cryptocurrency account that was already mapped to the BlackCat group received a single transaction worth approx $22 million on March 1, security researchers noted on social media.

Two weeks after one of the major cybersecurity attacks on Change Healthcare that crippled health systems in the US, multiple reports suggest that a ransom of $22 million was paid to the hacker’s group BlackCat.

Reportedly, the payment was made in cryptocurrency in exchange for regaining access to its systems and data.

The cybercriminal group, also known as ALPHV had claimed responsibility for the ransomware attack against Change Healthcare.

It also claimed to have stolen six terabytes of data from Change Healthcare systems including medical data of patients as well as social security numbers. Further, it had threatened to leak the data in case the ransom was not paid.

Report Claims Ransom Paid in Bitcoin

According to Krebonsecurity, a post on an online Russian language forum RAMP - popular with hackers- claimed that Change Healthcare had paid a $22 million ransom for a decryption key to regain access to its data.

Several security researchers took to social media to reveal the evidence of the alleged transaction. A cryptocurrency account that was already mapped to the BlackCat group received a single transaction worth approximately $22 million on March 1, Krebonsecurity reported.

Both UnitedHealthcare and BlackCat have remained tight-lipped on the claims of payment of a $22 million ransom. However, Change Healthcare has responded to media queries of several outlets saying that it is focused on the investigation and restoration of its services.

BlackCat Group Shuts Down Servers

After the post went online on the forum, it was reported that BlackCat had shut down its servers and ransomware sites.

Reportedly, the website now features seizure notices by the feds.

However, researchers believe BlackCat might have done this to avoid paying commissions to its affiliates who carried out the ransomware attack on Change Healthcare.

Ransomware groups often employ freelance affiliates to carry out large-scale cybersecurity attacks. These affiliates are then paid a pre-determined percentage of the ransom as a commission. The commission can range from 60% to 90%.

The post on RAMP, made by one such disgruntled affiliate claims that even though Change Healthcare has paid ransom to BlackCat, the data is still with affiliates who helped carry out the attack.

Health Systems Struggle to Get Back to Normal

Meanwhile, the cybersecurity attack on Change Healthcare system and the resulting outage of services has created multiple challenges for its clients including healthcare systems, pharmacies, and even individual healthcare providers.

The cybersecurity assault on Change Healthcare, a unit of UnitedHealth Group’s Optum subsidiary, was discovered on February 21.

The cyberattack has primarily affected the following areas:

· Prior authorizations for pharmaceuticals, procedures, and surgeries

· Insurance verification for inpatient stays

· Precise cost estimates for patients

· Patient billing

Hospitals are having issues with processing claims, billing patients, and checking insurance coverage for care. It said the attack also could affect the ability to pay workers and buy medicine and supplies.

The attack led to delays in the delivery of prescription drugs and prevented some US-based pharmacies, hospitals, and other healthcare facilities from processing claims and receiving payments.

The American Medical Association on Monday asked the Biden administration to make emergency funds available to physicians hurt by the outage. The FBI has taken up the matter and is now investigating the attack actively.

About Chime India

The College of Healthcare Information Management Executives (CHIME) is an executive organization dedicated to serving senior digital health leaders. CHIME includes more than 5,000 members in 56 countries and two US territories and partners with over 150 healthcare IT businesses and professional services firms. CHIME enables its members and business partners to collaborate, exchange ideas, develop professionally and advocate the effective use of information management to improve the health and care throughout the communities they serve. CHIME's members are chief information officers (CIOs), chief medical information officers (CMIOs), chief nursing information officers (CNIOs), chief innovation officers (CIOs), chief digital officers (CDOs), and other senior healthcare leaders. The CHIME India Chapter became the first international chapter outside North America in 2016 and is now a community of over 70+ members in India. For more information, please visit


Digital Health News ( DHN) is India’s first dedicated digital health news platform launched by Industry recognized HealthTech Leaders. DHN Is Industry’s Leading Source Of HealthTech Business, Insights, Trends And Policy News.

DHN Provides In-Depth Data Analysis And Covers Most Impactful News As They Happen Across Entire Ecosystem Including Emerging Technology Trends And Innovations, Digital Health Startups, Hospitals, Health Insurance, Govt. Agencies & Policies, Pharmaceuticals And Biotech.


© Digital Health News 2024