US offers $10 million bounty for info on the hackers who hit UnitedHealth

The U.S. State Department announced a reward of up to $10 million for details about the ‘Blackcat’ ransomware group, responsible for attacking UnitedHealth Group’s technology division and disrupting insurance payments nationwide.

UnitedHealth Group recently disclosed that it has started to address and significantly reduce a staggering backlog of medical claims valued at more than $14 billion. This initiative comes as the company’s services are gradually restored following a severe cyberattack that commenced in late February, wreaking havoc on its operational capabilities.

The attack targeted UnitedHealth’s technology arm, Change Healthcare, a pivotal entity in the healthcare ecosystem responsible for facilitating the smooth transfer of payments from insurance providers to healthcare practitioners. The fallout from this cyberattack has been extensive, leading to significant financial and operational disruptions.

In many instances, both patients and doctors were left financially stranded due to the interruption in payment processes. Among those hardest hit by these disruptions are the community health centers that deliver essential medical services to a demographic exceeding 30 million individuals, encompassing the nation’s poor and uninsured populations. The detrimental effects on these centers underline the profound impact of the cyberattack on the broader healthcare landscape, highlighting the critical nature of cybersecurity in safeguarding public health and financial stability within the sector.

Earlier this month, it was reported by hackers that UnitedHealth had paid a ransom of $22 million in an attempt to restore its compromised systems following the cyberattack. However, it remains unclear whether the Blackcat ransomware group fulfilled their part of the agreement in decrypting the affected data or restoring the impacted systems.

In a deceptive move following the attack, Blackcat published a counterfeit press release on its website, falsely proclaiming that their operations had been seized by law enforcement authorities. This misleading statement was strategically designed to give the false impression that the group had ceased its illicit activities, adding a layer of complexity to the ongoing cybersecurity incident involving UnitedHealth. This act of disinformation has further muddled the situation, raising questions about the true status of Blackcat’s operations and their intentions following the ransom payment.