Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Change Healthcare. Show all posts
United Health
ALPHV/BlackCat Change Healthcare cyber attack Ransomware United Health

Ransomware Attack Targets Healthcare Giant, Change Healthcare

 


A recent cyberattack on Change Healthcare, a subsidiary of United Health, has led to a distressing data extortion situation, further complicating an already tumultuous ordeal. Let's delve into the details to understand the gravity of the situation and its potential repercussions.


Background

In February, Change Healthcare fell victim to a cyberattack, causing significant disruptions in the US healthcare system. The attack, attributed to the BlackCat/ALPHV ransomware operation, resulted in the theft of approximately 6 TB of data.


Double Extortion Tactics

Following intense pressure from law enforcement, the BlackCat gang abruptly shut down their operation amidst allegations of an exit scam. Subsequently, an affiliate named "Notchy" joined forces with the RansomHub gang to engage in a double extortion scheme against Change Healthcare. Despite rumours of a ransom payment, the threat actors are now threatening to release the stolen data unless their extortion demands are met.


Data Leak and Implications

Screenshots of purportedly stolen data, including corporate agreements and sensitive patient information, have begun circulating online. The leaked information not only jeopardises the privacy of individuals but also raises concerns about potential financial repercussions for Change Healthcare and its affiliates.


Response and Investigation

Change Healthcare has refrained from commenting on the situation, leaving many questions unanswered. Meanwhile, the Department of Health and Human Services has launched an investigation into the incident to assess potential breaches of healthcare data regulations.


Financial Fallout

The fallout from the cyberattack has hit hard financially, with UnitedHealth Group revealing substantial losses of $872 million during the first quarter of this year. These losses cover not only the direct costs of responding to the attack but also the wider disruptions it caused across the company's operations. Additionally, the timing of public sector cash receipts has been affected, further exacerbating the financial impact. Furthermore, UnitedHealth Group disclosed that it had advanced approximately $3 billion to healthcare providers whose finances were disrupted by the attack.


With data security at the forefront of public discourse, it underscores the growing threat posed by ransomware attacks in critical sectors such as healthcare. The need for robust cybersecurity measures and proactive response strategies has never been more apparent, as organisations grapple with the devastating consequences of data breaches and extortion attempts.


Read more »
Threat Landscape
American HealthCare Change Healthcare Cyber Attacks Ransomware attack Threat Landscape

Change Healthcare Detects Ransomware Attack Vector

 

The cyberattack's widespread destruction underscores how threat actors can do significant damage by targeting a relatively unknown vendor that serves a vital operational function behind the scenes.

The AlphV ransomware group disrupted basic operations to the critical systems of US healthcare services by attacking a vital financial and claims processing link in a highly interconnected industry. The outage and cascading effects of the cyberattack on the healthcare IT systems continued into the fourth week on Thursday.

UnitedHealth Group reported unauthorised access on its systems on February 21. The reconnecting and testing of Change's claims systems will be completed in phases next week.

The US Department of Health and Human Services launched an inquiry into the incident on Wednesday to investigate whether protected health information was stolen and if Change met privacy and security standards. 

The department's Office for Civil Rights (OCR) announced the investigation in a letter on Wednesday, with Director Melanie Fontes Rainer writing that it was necessary to look into the situation "given the unprecedented magnitude of this cyberattack, and in the best interests of patients and health care providers." 

The statement comes following a crisis meeting on Tuesday with White House officials, medical sector leaders, HHS Secretary Xavier Becerra, and Andrew Witty, CEO of UnitedHealth Group, Change Healthcare's parent company. 

According to Fontes Rainer, the investigation will focus on whether protected health information was compromised and if Change Healthcare and UHG followed Health Insurance Portability and Accountability Act (HIPAA) requirements. 

“OCR’s interest in other entities that have partnered with Change Healthcare and UHG is secondary. While OCR is not prioritizing investigations of healthcare providers, health plans, and business associates that were tied to or impacted by this attack, we are reminding entities that have partnered with Change Healthcare and UHG of their regulatory obligations and responsibilities, including ensuring that business associate agreements are in place and that timely breach notification to HHS and affected individuals occurs as required by the HIPAA Rules,” Rainer said. 

The American Hospital Association referred to the attack as the most significant and consequential incident of its kind against the U.S. healthcare system in history.
Read more »
Ransomware attack
American HealthCare Change Healthcare Cyber Attacks Medical Data Ransomware attack

UnitedHealth's Cyberattack Should Serve as a 'Wake-up Call' for HealthCare Sector

 

The US Health and Human Services Department (HHS) announced Tuesday that it would assist doctors and hospitals in locating alternate claims processing platforms to help restart the flow of business following a cyberattack on a UnitedHealth Group (UNH) subsidiary that crippled operations of a large swath of America's health systems for the past two weeks. 

On February 21, a cyberattack paralysed Change Healthcare, which hospitals, doctors' offices, and pharmacies use to handle payments and prior authorizations for patient visits and medicines.

United gave a lengthy status update Tuesday afternoon, stating that the attack was carried out by BlackCat, a well-known Russian-backed ransomware outfit. 

The FBI was aware of BlackCat, also known as ALPHV, and was successful in breaching the group at the end of last year, but was unable to put it down. BlackCat has previously targeted a number of healthcare companies. It claimed to have collected up to 6 gigabytes of data during the last attack, and that it received $22 million in bitcoin, a transaction visible on the blockchain, but it is still being determined where it came from. 

Based on the most recent statistics, 90% of claims are still being processed for health providers, and pharmacies should be fully operational by Thursday, UHG explained in a statement Tuesday.

Additionally, the company noted, "We've made progress in providing workarounds and temporary solutions to bring systems back online in pharmacy, claims and payments." 

While smaller systems that rely heavily on Change Healthcare are suffering, larger systems with many vendors or the financial capacity to quickly switch to another provider are less affected. 

"This may be the first of its kind, where an outage at the interoperability layer weakens the capacity of the system to function," stated Aneesh Chopra, former US chief technology officer and currently co-founder and president of CareJourney, a healthcare analytics company. "This is a wake-up call on the need for redundancy in systems so we have backup options when a particular vendor goes down.” 

Third-party risks 

Tech platforms have had difficulty allowing their software to interact with each other and provide seamless connectivity for health systems due to regulations safeguarding patient data. However, newer products have made interoperability easier to achieve, which also makes them more susceptible to attacks. 

United's attack makes sense for that reason because it choked off a key mechanism in the inner workings of the system. The change enables several healthcare system companies to handle payments and claims. For example, CVS (CVS) reports that 25% of its claims are processed using Change.

This is in stark contrast to earlier attacks that target specific organisations, such as insurance and hospitals, and affect only one aspect of the system. 

United is also a tempting target because its Optum brand comprises Optum Financial, a different division of UHG that operates a number of payment systems.
Read more »
Websites
Attack Blackcat hackers Change Healthcare critical infrastructure providers Data Breach digital decryption keys Extortion Hospitals International law enforcement seizure Websites

Notorious Hacker Group Strikes US Pharmacies

In December, international law enforcement targeted a gang, leading to the seizure of various websites and digital decryption keys, as reported by Reuters. In response to this crackdown, the Blackcat hackers threatened to extort critical infrastructure providers and hospitals.

A recent attack on Change Healthcare, resulting in its parent company UnitedHealth Group disconnecting its systems to prevent further impact, has caused disruptions in prescription insurance claims, according to the American Pharmacists Association. This outage, which has persisted through Tuesday, is attributed to a notorious hacker group, as per a new report.

The outage at Change Healthcare, which handles payment management for UnitedHealth Group, was caused by a ransomware attack by hackers associated with Blackcat, also known as ALPHV, according to Reuters, citing anonymous sources. Blackcat has been involved in several recent high-profile data breaches, including attacks on Reddit, Caesars Entertainment, and MGM Resorts.

As a result of the breach, pharmacies nationwide are facing significant delays in processing customer prescriptions. Change Healthcare stated they are actively working to restore the affected environment and ensure system security.

UnitedHealth Group mentioned that most pharmacies have implemented workarounds to mitigate the impact of the outage on claim processing. The company expressed confidence that other data systems in its healthcare portfolio were unaffected by the breach.

While last week's breach was suspected to be "nation-state-associated," according to an SEC filing by UnitedHealth, it's uncertain if the group responsible was sponsored by foreign actors. Cybersecurity firms Mandiant and Palo Alto Networks, appointed by UnitedHealth, will lead the investigation into the breach.
Read more »
Subscribe to: Posts (Atom)