Home / News

Ransomware Crisis in U.S. Healthcare

A significant ransomware attack by a group known as AlphV or BlackCat has severely disrupted pharmacies across the U.S., affecting the delivery of prescription medications for over ten days. This attack on Change Healthcare has resulted in considerable difficulties for hospital pharmacies and nationwide drug distribution.

Internal conflict within the criminal community has shed light on a possible $22 million ransom payment to AlphV, linked to the attack on Change Healthcare. An affiliate of AlphV accused the group of withholding their share of the ransom, citing a substantial Bitcoin transaction as evidence of the payment.

Payment speculation: Evidence suggests Change Healthcare may have paid the ransom to AlphV, as indicated by the large Bitcoin transaction to an address associated with the hackers. This has led to speculation among cybersecurity researchers that the healthcare firm capitulated to the hackers’ demands.

Paying the ransom could set a troubling precedent for the healthcare sector, encouraging further ransomware attacks by demonstrating their profitability. Experts warn that succumbing to such demands fuels future criminal activities and targets the health sector repeatedly.

Risks of negotiating with cybercriminals: An AlphV affiliate, feeling cheated out of the ransom, warned against dealing with AlphV and revealed potential access to sensitive data from numerous healthcare firms. This situation underscores the risks of negotiating with cybercriminals, as betrayed affiliates may independently leverage or leak sensitive information.

The $22 million ransom, if confirmed, would be among the highest in ransomware history, highlighting the significant threat posed by groups like AlphV to critical sectors, including healthcare.

Uncertain future: Despite a recent crackdown by the FBI, AlphV successfully executed a major attack on Change Healthcare. The group’s current status is uncertain, following the appearance of a law enforcement seizure notice on its site, which may be a response to internal conflicts or another takedown attempt. The historical pattern of rebranding suggests AlphV or its predecessors may resurface under a new guise.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign