February 2024 · Threat Briefing

Change Healthcare ransomware shows third-party exposure risk

ALPHV/BlackCat compromised a remote Citrix access point linked to Change Healthcare’s clearinghouse services. Once inside, the group deployed ransomware that halted pharmacy claims nationwide and exposed health records.

Disruptions rippled across insurers, pharmacies, and hospitals, underscoring how vendor access can become a single point of failure for critical workloads.

Prevention playbook:

  • Segment third-party remote access, enforce per-session approvals, and layer privileged access management for vendors.
  • Harden virtual app gateways with continuous patching, lock down TLS configurations, and monitor for brute-force anomalies.
  • Test incident response runbooks with healthcare partners to ensure clinical operations keep running during outages.
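
As an added illustration of the "monitor for brute-force anomalies" item (not part of the original briefing), the sketch below flags failed-login bursts per source address on a remote access gateway and separates single-account guessing, password spraying, and a success that follows a burst. The log format, addresses, account names, window, and threshold are all constructed assumptions, not any vendor's real log layout.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "timestamp src user result" format;
# this is not any vendor's real log layout.
SAMPLE_LOG = """\
2024-02-12T03:00:01 203.0.113.7 svc_vendor FAIL
2024-02-12T03:00:05 203.0.113.7 svc_vendor FAIL
2024-02-12T03:00:09 203.0.113.7 svc_vendor FAIL
2024-02-12T03:00:14 203.0.113.7 svc_vendor FAIL
2024-02-12T03:00:20 203.0.113.7 svc_vendor FAIL
2024-02-12T03:00:31 203.0.113.7 svc_vendor OK
2024-02-12T03:01:00 198.51.100.9 alice FAIL
2024-02-12T03:01:02 198.51.100.9 bob FAIL
2024-02-12T03:01:04 198.51.100.9 carol FAIL
2024-02-12T03:01:06 198.51.100.9 dave FAIL
2024-02-12T03:01:08 198.51.100.9 erin FAIL
2024-02-12T09:15:00 192.0.2.44 frank FAIL
2024-02-12T09:15:30 192.0.2.44 frank OK
"""

def detect(log_text, window=timedelta(minutes=5), threshold=5):
    """Return sorted (source, kind) alerts from failed-login bursts per source IP."""
    recent = defaultdict(deque)  # src -> (time, user) of failures inside the window
    alerts = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the monitor
        ts, src, user, result = parts
        when = datetime.fromisoformat(ts)
        fails = recent[src]
        while fails and when - fails[0][0] > window:
            fails.popleft()  # expire failures older than the window
        if result == "FAIL":
            fails.append((when, user))
            if len(fails) >= threshold:
                users = {u for _, u in fails}
                # many accounts from one source suggests spraying; one account, guessing
                alerts.add((src, "password_spray" if len(users) >= threshold else "brute_force"))
        elif result == "OK" and len(fails) >= threshold:
            alerts.add((src, "success_after_burst"))  # a guess may have worked: triage first
            fails.clear()
    return sorted(alerts)

if __name__ == "__main__":
    for src, kind in detect(SAMPLE_LOG):
        print(f"ALERT {kind} from {src}")
```

A `success_after_burst` alert on a vendor account is the case to route straight to the per-session approval and privileged access controls named in the first playbook item.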