NextGen Healthcare confirmed a ransomware attack from ALPHV

January 23, 2023

The notorious BlackCat ransomware, also known as ALPHV, recently added a US-based healthcare technology company ‘NextGen Healthcare’ to its list of victims. The company confirmed this by notifying the public in a statement.

Headquartered in Atlanta, Georgia, NextGen develops software that caters to its clients in the healthcare industry. The firm promises an all-in-one solution for its clients’ healthcare practice.

According to the firm’s released statement, they are aware of the ransomware group’s claims and have investigated the issue to remediate it. Cybersecurity experts have also been contacted to aid them with investigations.


Several other companies aside from NextGen Healthcare were added to ALPHV’s list of recent victims.


A NextGen Healthcare representative assured its customers and partners that the security incident was already under control. The threat was contained immediately once detected, by implementing more robust network security measures.

The healthcare technology company also said their operations have returned to normal, adding that there was no identified evidence of data theft or misuse.

Since its reemergence, the ALPHV ransomware group has accumulated hundreds of victimised companies and organisations. Some experts believe that the DarkSide ransomware group, the suspect in the historic attack against the Colonial Pipeline in May 2021, had used ALPHV’s malware payload in that campaign.

Most of the group’s targets were companies from the banking, hospitality, healthcare, and retail sectors.

ALPHV’s successful attack campaigns made them one of the most scrutinised and pursued ransomware groups, with authorities aiming to cripple the group’s operations completely. In 2018, three ALPHV members, previously named ‘FIN7’, were seized and sentenced to seven years’ imprisonment.

Returning as a ransomware-as-a-service (RaaS) operation in 2020, the group launched more cyberattacks using a new malware strain called ‘BlackMatter’ to evade law enforcement. The group used the BlackMatter malware to attack agricultural companies.

The ALPHV group typically extorts payment from its victims, reaching millions of dollars, in exchange for the stolen data. Thus, those who have been victims of this group are warned to enhance their cyber security and be cautious against threats of stolen data misuse.
