High-Profile Hacking Group Is Behind the Cyberattack That Left Pharmacies Paralyzed

By: Lauren | Published: Mar 07, 2024

Cyberattacks have become increasingly more prevalent as companies now rely heavily on online systems.

The most recent attack, executed by a high-profile ground known as “Blackcat hacking,” hit UnitedHealth Group’s pharmacies, and now, pharmacists are struggling to fill prescriptions.

The Notorious Blackcat Hackers

A well-known ransomware gang known as “Blackcat” has attacked UnitedHealth’s online prescription platform, completely mangling the entire system.

Advertisement
A black cat laying on the floor and looking directly at the camera

Source: Freepik

The group of anonymous hackers, also known as ALPHV, has been functioning since 2021 and has targeted hundreds of organizations all around the world in just a few years.

Advertisement

Blackcat Has Already Attacked MGM and Reddit

In 2023, the hackers made their way onto the servers of both Reddit and MGM, asking for significant ransoms to return the platforms to their rightful owners.

Advertisement
Logo for MGM in black and gray/Logo for Reddit on a gray background

Source: Logo Wine/Wikipedia

In fact, the Blackcat hackers are such a big problem that the U.S. State Department announced that they will award up to $10 million to anyone who can identify its leaders.

The Government Cannot Seem to Get Ahead of These Cyber Criminals

As well as offering a substantial award for information, the US government is also hard at work trying to find and dismantle this cybercrime organization. And while they’ve had some success seizing a few digital decryption keys, the Blackcat team is still at large.

Advertisement
Group of employees work on cybersecurity in an office

Source: Freepik

But when the FBI started diligently tracking them, the criminals with Blackcat retaliated by threatening to use their skills to hit America’s most important online infrastructures, such as medical providers. Now, it seems they have made good on their threat.

UnitedHealth Group Got Hit Hard

In the last week of February 2024, the Blackcat or ALPHV hackers successfully infiltrated the UnitedHealth Group, which organizes prescriptions for more than 70,000 pharmacies around the country.

Advertisement
UnitedHealth Group sign in front of an office building

Source: Investopedia

With Blackcat now running the system, UnitedHealth reports they are experiencing a significant backlog in prescriptions that individual pharmacies are trying to find ways to work around.

90% of the UnitedHealth Pharmacies Have Found Work Arounds

According to the UnitedHealth Group, 90% of its 70,000 pharmacies have been able to modify their systems to ensure patients are receiving the medicine they need.

Pharmacist on a computer clearly frustrated

Source: Freepik

The other 10% have apparently found a way to work offline while Blackcat remains in control of the online system.

Advertisement

Doesn’t This Platform Contain Personal Medical Information?

The fact that pharmacies around the country are struggling to ensure their customers get the medicine they need is certainly a problem, but many are worried this infiltration of a healthcare system means the hackers now have the personal medical information of millions of Americans.

Hand holding a folder with “medical record” written on the front

Source: iStock

However, the company claims they have a “high level of confidence” that the remaining data systems regarding patient information have not been breached.

Advertisement

Who Are the Blackcat Hackers?

The question on the government, the UnitedHealth Group, and really everyone’s minds, is just who these Blackcat hackers actually are.

Person sitting in front of several computer monitors that read “System Hacked”

Source: Freepik

In their announcement, the UnitedHealth Group stated they believe the group is “nation-state-associated,” meaning that the cyberattack is coming from outside the US as a direct assault on the country.

Advertisement

Are the Blackcat Hackers from Russia?

The government has not officially stated they believe the Blackcat hackers are working from Russia, though there have been rumors that the group is connected to the powerful nation.

Russian flag flying against a blue sky

Source: Freepik

Of course, if these rumors are true, the cyberattacks wouldn’t just be an inconvenience but a matter of national security.

Advertisement

The Blackcat Hackers May Just Be Financially Motivated

However, since the Blackcat hackers have yet to attack the US government and are specifically holding platforms like that of UnitedHealth Group, Reddit, and MGM Resorts for ransom, others argue that they aren’t foreign nationals.

A black suitcase full of American cash

Source: Shutterstock

Instead, their only motivation might just be the money. Cybersecurity analyst Brett Callow told the press, “As far as I am aware, they are financially motivated cybercriminals and nothing more.”

Advertisement

Cybersecurity Firms Are Hard at Work Investigating the Breach

While the debate continues as to just who these hackers are, where they come from, and what they really want, cybersecurity firms around the country are working tirelessly to ensure their platforms are protected against future attacks.

Employee of a cybersecurity firm holding a clipboard

Source: Freepik

Additionally, UnitedHealth’s firms Mandiant and Palo Alto Networks are currently investigating their recent breach not only to find out how it occurred but also to make sure it doesn’t happen again.

Advertisement

When Will American Pharmacies Be Back to Normal?

According to several sources, UnitedHealth has already paid the unbelievably expensive ransom of $22 million requested by the Blackcat hackers to get their servers back.

A pharmacist reaching for medicine from the shelves

Source: Freepik

Therefore, for the American people, the issue has been resolved, and their medications will be available as needed. But that doesn’t mean cybersecurity firms and the US government are done looking for these criminals.

Advertisement