Change Healthcare Ransomware Attack: What Happened?

Nathan Cross April 25, 2024


The recent ransomware attack on Change Healthcare that occurred this past February sent shockwaves through the healthcare industry and across the United States. The scary thing is – the attack is still going on, and it's escalating for the worse. 

But – there are ways for the healthcare industry to work around the chaos with TROY.


Understanding the Attack


Change Healthcare, a prominent middleman in the healthcare technology sector that was bought by United Healthcare has found itself in the crosshairs of a sophisticated ransomware attack. 


Change Healthcare processes payments, insurance, and prescriptions to ensure patients are getting the right prescriptions at the right cost, and healthcare providers get paid on time and for the correct amount. 


The hacker group known as AlphV or Blackcat, exploited vulnerabilities in the company's network infrastructure through a ransomware attack, and stole roughly 4 terabytes of information, gaining unauthorized access and encrypting sensitive patient data. The attack disrupted operations, compromised patient information, and posed significant challenges for healthcare providers reliant on Change Healthcare's services.



Impact on Healthcare




Healthcare providers relying on Change’s platforms faced disruptions in billing processes, claims management, and patient services. The incident raised concerns about data privacy, patient confidentiality, and the integrity of healthcare systems, prompting regulatory scrutiny and public outcry.

This ransomware attack put a halt to patient billing and prescription processing for over 67,000 pharmacies and other healthcare providers, and 1 out of every 3 patients were affected. Because insurance coverage was unable to be processed by Change Healthcare, patients couldn’t receive their prescriptions or were forced to pay hundreds of dollars out of pocket for medication.

In a nationwide survey released by the American Medical Association, 80% of physicians who responded said they have lost revenue from unpaid claims and nearly one-third were unable to make payroll. Because of this, pharmacies around the country are at risk of closure.



The Chaos Continues 


This attack occurred in February 2024, and the chaos still escalated months later. Now, it’s been revealed that Change and United Healthcare paid the AphV/Blackcat a ransom of 22 million. Change thought the nightmare was over, but the patient data was never released. 

AlphV/BlackCatV simply did not make good on their promise to release the patient information and ran off with the payment, as untrustworthy cybercriminals do. 

Now, a second group of hackers known as RansomHub, who are believed to be an affiliate or offshoot of BlackCat who did not receive their share of the ransom, are proving they still have patient data with shared screenshots and are asking to be paid, or the information will be sold to the highest bidder. 


This is a developing story...


How TROY SecureRx Helped Regain Control: 


10 days following the initial attack on Change, 1.5 million prescriptions were printed through TROY’s secure prescription printing software, SecureRx, on printers that have not been used in years. What about the attack caused this to happen? 

Well, most prescriptions are sent from doctors' offices to pharmacies through ePrescribe, an all-digital resource for prescriptions to be sent to pharmacies. Due to the attack, the prescriptions could not be sent digitally. Through SecureRx, doctors’ offices were able to print secure prescriptions that patients could bring to the pharmacy themselves. 

TROY SecureRx software provides advanced security features to be utilized in printing prescriptions securely on plain paper. With features like 

•    Watermarks•    Pantographs•    Microprint•    Barcoding

SecureRx ensures the integrity of printed prescriptions, mitigating the risk of unauthorized access or tampering.



The SecureRx solution not only provided a lifeline for healthcare providers and patients during a critical time but also demonstrated the importance of having robust cybersecurity measures in place. By utilizing SecureRx, healthcare organizations could regain control over their prescription processes, ensuring compliance with regulations and safeguarding patient data.

Does You Have a Disaster Recovery Plan?


As the healthcare industry continues to grapple with cybersecurity threats, solutions like TROY's SecureRx serve as a beacon of hope, offering a secure and efficient way to manage prescription printing while protecting patient privacy and safety during time of disaster. 


Learn more about how SecureRx can help your practice here. 

Leave a Comment