Change Healthcare Cyberattack Prompts Cybersecurity Advisory

The party behind this attack has been identified as the ALPHV Blackcat ransomware group.

By Jeff Wardon, Jr., Assistant Editor


Change Healthcare, a provider of revenue and payment cycle management for healthcare, suffered a cyberattack on Feb. 21. The party behind this attack has been identified as the ALPHV Blackcat ransomware group, according to The HIPAA Journal.  

While this attack did not specifically target hospitals and other healthcare facilities, Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of Health and Human Services (HHS) have sounded the alarm that other healthcare organizations could soon find themselves caught in the crosshairs. 

The organizations released a joint Cybersecurity Advisory (CSA) concerning the APLHV Blackcat ransomware.  

The advisory urges critical infrastructure organizations to implement mitigation measures to reduce the risk of ALPHV Blackcat ransomware incidents. It also mentions a significant update to the ransomware in February 2023, known as the ALPHV Blackcat Ransomware 2.0 Sphynx, that enhances defense evasion capabilities and expands compatibility to encrypt Windows and Linux systems, including VMWare instances. 

CISA recommends taking the following actions to mitigate against ransomware threats:  

  1. Routinely take inventory of assets and data to identify authorized and unauthorized devices and software. 
  2. Prioritize remediation of known exploited vulnerabilities. 
  3. Enable and enforce multifactor authentication with strong passwords. 
  4. Close unused ports and remove applications not deemed necessary for day-to-day operations. 

Jeff Wardon, Jr. Is the assistant editor for the facilities market. 



March 1, 2024


Topic Area: Information Technology , Security


Recent Posts

The Fatal Flaws in Active Shooter Response in Healthcare Facilities

The most effective solutions to workplace violence are sophisticated emergency response planning and master level training for all employees.


Utah Hospital Outage Highlights Backup Power and Resiliency Challenges

The hospital went without power for nearly two hours.


Ground Broken on New North Dakota State Hospital

The 300,000-square-foot facility in Jamestown will provide 140 beds in a modern, trauma-informed care environment.


Form Your Pit Crew: Key Takeaways From the 2025 Healthcare Innovations Conference

The Healthcare Innovations Conference brought together healthcare facility managers from across the country to collaborate on industry issues.


Glens Falls Hospital Caught Up in Oracle Health Data Breach

As of November 2, 2024, Glens Falls Hospital no longer uses Oracle Health/Cerner as its electronic health record vendor.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.