Healthcare data is some of the most sensitive data in existence, but a major hack has just affected up to 15 billion records.

Change Healthcare, who provide revenue and payment services for healthcare providers and patients, has announced that its systems have been compromised by threat actors. With Change Healthcare processing around 15 billion transactions a year, this represents a major attack. And the impact has already been felt. Healthcare providers have been struggling to charge for their services, while patients have been struggling to get their prescriptions issued. It’s a nightmare scenario for all involved and underlines the effect malware can have.

How Did Change Healthcare Get Hacked?

The precise details of how Change Healthcare was hacked has not, as yet, been revealed. However, we do know it was carried out by a ransomware group which goes by the names of ALPHV or BlackCat. Naturally, their trademark attack style involves ransomware, and it’s most likely that this was utilized in the Change Healthcare attack. With ransomware typically encrypting data, this is highly damaging for any service handling healthcare data. By encrypting patient records, the hackers would be severing a crucial flow of information.

The attack came on the 21st February 2024, and Change Healthcare took down their systems on the same day. A week later, BlackCat announced they had been behind the attack. Details of a $22 million payment to the ransomware groups have also been revealed, although Change Healthcare are yet to confirm this was made by themselves. Prescription claim submissions and payment systems have recently been reinstated by Change Healthcare, but full access to their systems is unlikely to be restored until mid-March.

Who is BlackCat?

BlackCat has been active online since 2021 and, since then, has launched a series of audacious attacks. The group was linked to the Colonial Pipeline ransomware attack in 2021, and it also took responsibility for the MGM Casino attack in 2023. Headlines such as these didn’t go unnoticed, and in December 2023, the US Department of Justice set about disrupting BlackCat’s activities. Clearly, though, the resulting Change Healthcare attack has demonstrated how BlackCat was unharmed by this resistance.

Staying Safe from Ransomware

The threat of ransomware is well known, but the Change Healthcare attack is a big deal and acts as an important reminder to stay vigilant. With this in mind, we’re going to show you the best ways to stay safe from ransomware:

  • Regular software updates: ransomware often takes control of IT infrastructures due to software vulnerabilities. Accordingly, you need to make sure automatic updates are activated on your operating system. This ensures your software is updated as soon as an update is available, preventing you from running a network with open doors for threat actors.
  • Employee training: your employees are one of your most powerful forms of defense against ransomware threats. Therefore, regular training on cybersecurity threats such as identifying phishing emails, malicious websites, and understanding how to report cybersecurity incidents is vital. With this in place, you can rest assured your network is as secure as possible.
  • Regular, isolated backups: you need to regularly back up critical data and ensure that backups are stored in a secure, isolated location. Automated backup solutions can help ensure consistency and reliability in the event of your data being encrypted by ransomware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Healthcare data is some of the most sensitive and confidential data to exist in IT systems, so the ransomware attack at Norton Healthcare is a big deal. 

Based in Kentucky, Norton Healthcare is a provider who delivers health services to adults and children in over 40 clinics. Their objective, as with all healthcare providers, is to improve the lives of their patients. However, a recent data breach has done little to inspire a sense of wellness in their patients. The breach, which occurred in May this year but is only just being reported, was part of a ransomware attack. Norton Healthcare’s network was breached for two days, but there appeared to be no evidence that their medical record system had been accessed. 

Nonetheless, healthcare data should always be secure, and breaches in local networks represent a major cause for concern. 

The Norton Healthcare Attack 

The exact nature of the attack has, at present, not been released. But we do know what the impact of the breach was. After discovering that an attack was taking place, Norton was forced into turning its network off, the last thing a healthcare provider wants to do. As the attack was unfolding, Norton received, in a novel twist, a faxed ransom note featuring threats and demands. Later that month, a ransomware group known as ALPHV claimed responsibility for the attack. 

ALPHV released a statement to the dark web which claimed that they had managed to compromise 4.7TB worth of data from Norton Healthcare’s servers. As proof, ALPHV uploaded numerous files – containing patients’ bank statements and Social Security numbers – to backup their claims. Norton’s official line is that only some network storage devices were breached, and these only contained identifying information rather than any medical data. 

How Can Healthcare Providers Protect Themselves?

With more and more healthcare providers coming under attack from threat actors, it’s important that they understand how to minimize their risk. In fact, these lessons are valuable for any business running an IT network, so it’s time to find out how. So, to stay safe from ransomware attacks, make sure you follow this best guidance: 

  • Regular backups: it’s vital that you perform regular backups of your data to ensure, if it becomes encrypted by ransomware, you still have access to it. Ideally, these backups should be completed daily at the very least, and they should always be saved to secure locations. It’s important to keep copies of your backups offline as well, this will allow you to access your data even if you need to take your network down. 
     
  • Partition your hard drives: to minimize the impact of a breach, it’s a good idea to partition you hard drives and data storage. By separating these from your main network, and from each other, you’re limiting the files and data that malware can access. This minimizes the risk of data loss and allows you to keep important systems online. 
     
  • Employee training: educating your staff about the dangers of social engineering and phishing emails is one of the most important steps you can take. Ransomware, such as the strain encountered by Norton Healthcare, is often spread through emails and your employees need to be able to identify these threats before clicking on them. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More