CrowdStrike Reports Major Supply Chain Cyberattack on US Healthcare Provider
• CrowdStrike disclosed on April 25, 2026, a sophisticated cyberattack via compromised third-party software affecting 2.5 million patient records at UnitedHealth's Change Healthcare subsidiary. • Attackers, linked to North Korean Lazarus Group, exfiltrated data over 72 hours before detection, demanding $22 million ransom. • Incident highlights vulnerabilities in US healthcare IT supply chains, prompting HHS emergency directives for 500+ providers.
wired.com