
Massive Cyber Attack Hits MediSecure, Impacting Millions of Australians

 



In a shocking revelation, MediSecure, an e-prescription provider, has confirmed that approximately 12.9 million Australians have been affected by a cyberattack that occurred in April. This incident has surpassed previous notable breaches, including the Optus and Medibank data breaches in 2022, in terms of the number of individuals impacted.

The administrators of MediSecure, FTI Consulting, disclosed that the compromised data includes individuals' healthcare identifiers. However, due to the complexity and sheer volume of the data involved, identifying the specific individuals whose data was stolen is financially unfeasible for the company. This inability to pinpoint affected individuals prevents MediSecure from notifying them about the breach.

Data Complexity and Financial Constraints

The compromised server contained 6.5 terabytes of data, equivalent to billions of pages of text. This data was stored in a mix of semi-structured and unstructured formats, making it extremely difficult to analyse without incurring substantial costs. The encrypted nature of the server further complicates efforts to determine the exact information accessed by the malicious actors. MediSecure's financial limitations have left the company unable to afford the extensive resources needed to sift through the massive amount of data.

Notification Delays and Administrative Actions

Despite the hack occurring in April, MediSecure did not make the incident public until May. The delayed notification has raised concerns about the company's crisis management and communication strategies. Subsequently, the company entered administration in June, and its subsidiary, Operations MDS, went into liquidation. This subsidiary was identified as the main trading entity of the corporate group, highlighting the severe impact of the cyberattack on the company's operational capabilities.

Impact on Healthcare Services

MediSecure had provided a crucial service that allowed healthcare professionals, such as general practitioners, to send electronic prescriptions to patients. However, this service has not been used for new electronic prescriptions since November 15, following a decision by the federal Health Department to designate eRx as the sole e-script provider. This shift has left many healthcare providers scrambling to adapt to the new system, further complicating the ecosystem for electronic healthcare services in Australia.

The MediSecure cyberattack highlights the growing threat of data breaches and the challenges companies face in managing and mitigating such incidents. With 12.9 million Australians potentially affected and the company unable to notify them, the breach underscores the need for robust cybersecurity measures and the financial resilience to respond effectively to such crises. This incident serves as a stark reminder of the vulnerabilities that exist in the digital age and the critical importance of safeguarding sensitive information.


The Financial Fallout of UnitedHealth’s Ransomware Attack


A $2.3 Billion Lesson

The recent ransomware attack on UnitedHealth Group serves as a stark reminder of the vulnerabilities that even the largest corporations face. The attack, which has resulted in costs soaring to at least $2.3 billion, underscores the severe financial and operational impacts of cyber threats. 

The health insurance company revealed the estimate in its second-quarter earnings report on Tuesday. The $2 billion cost estimate is based on the millions UnitedHealth has already spent to restore its systems following the attack, which caused a severe outage in February.

The Attack and Immediate Response

UnitedHealth Group, a leading healthcare and insurance provider, fell victim to a sophisticated ransomware attack. The attackers encrypted critical data and demanded a ransom for its release. Despite the company’s robust cybersecurity measures, the breach highlighted gaps that were exploited by the cybercriminals.

In response to the attack, UnitedHealth made the difficult decision to pay a $22 million ransom. While this payment was significant, it represents only a fraction of the total costs incurred. The immediate priority was to restore systems and ensure the continuity of services for millions of customers who rely on UnitedHealth for their healthcare needs.

The Broader Financial Impact

System Restoration: Restoring encrypted data and rebuilding IT infrastructure required substantial investment. This process involved not only technical recovery but also ensuring that systems were secure against future attacks.

Lost Revenue: During the period of disruption, UnitedHealth experienced significant revenue losses. The inability to process claims, manage patient data, and provide timely services had a direct impact on the company’s financial performance.

Operational Costs: Additional costs were incurred in the form of overtime pay for employees working to mitigate the attack’s effects, hiring external cybersecurity experts, and implementing enhanced security measures.

Legal and Regulatory Expenses: Navigating the legal and regulatory landscape post-attack added another layer of costs. Compliance with data protection regulations and managing potential lawsuits required extensive legal resources.

Customer Support Initiatives: To maintain customer trust, UnitedHealth launched several support initiatives. These included offering free credit monitoring services to affected individuals and setting up dedicated helplines to address customer concerns.

Lessons Learned and the Path Forward

The ensuing disruption also hindered UnitedHealth from completing medical prescriptions, resulting in a revenue loss, according to the company's earnings report. 

In Q1, UnitedHealth predicted that the ransomware assault would cost the company between $1 billion and $1.2 billion. However, in Tuesday's results release, the business raised its forecasts to more than $2 billion, citing the need to pay for "financial support initiatives and consumer notification costs," which include providing loans and funds to affected hospitals and pharmacies.

In the second quarter alone, UnitedHealth incurred "$1.1 billion in unfavorable cyber attack effects," according to the business. 

UnitedHealth is still recovering from the ransomware attack, while the "majority" of its IT systems have been restored. Furthermore, multiple class-action lawsuits have been brought against UnitedHealth for failing to protect patient information. As a result, the ransomware attack's costs to the organization may continue to rise.

Cyberattack Exposes Patient Data in Leicestershire

 

A recent cyberattack has compromised sensitive patient data in Leicestershire, affecting several healthcare practices across the region. The breach, which targeted electronic patient records, has led to significant concerns over privacy and the potential misuse of personal information. Those impacted by the attack have received notifications detailing the breach and the measures being taken to secure their data and prevent further incidents.  

Healthcare providers in Leicestershire are collaborating with cybersecurity experts and law enforcement agencies to investigate the breach, identify the perpetrators, and implement enhanced security measures. The goal is to protect patient information and prevent similar incidents in the future. Patients are advised to be vigilant, monitor their personal information closely, and report any suspicious activity to the authorities. The exposed data includes names, contact details, and medical records, all of which are highly sensitive and valuable to cybercriminals. The breach underscores the growing threat of cyberattacks in the healthcare sector, where such information is frequently targeted. 

In response, affected practices have taken immediate steps to bolster their cybersecurity protocols and provide support to those impacted. In addition to enhancing security measures, healthcare providers are committed to maintaining transparency and keeping patients informed about the investigation’s progress and any new developments. This commitment is crucial in rebuilding trust and ensuring that patients feel secure in the handling of their personal information. The healthcare sector has increasingly become a prime target for cyberattacks due to the vast amounts of sensitive data it holds. This incident in Leicestershire serves as a stark reminder of the vulnerabilities within our digital systems and the importance of robust cybersecurity measures. The breach has highlighted the need for constant vigilance and proactive steps to protect sensitive information from cyber threats. 

In the aftermath of the breach, healthcare providers are focusing on not only addressing the immediate security concerns but also on educating patients about the importance of cybersecurity. Patients are being encouraged to take measures such as changing passwords, enabling two-factor authentication, and being cautious about sharing personal information online. As the investigation continues, healthcare providers are committed to working closely with cybersecurity experts to strengthen their defenses against future attacks. 

This collaborative effort is essential in safeguarding patient data and ensuring the integrity of healthcare systems. The Leicestershire data breach is a significant event that underscores the critical need for heightened security measures in the healthcare sector. It calls for a concerted effort from both healthcare providers and patients to navigate the challenges posed by cyber threats and to work together in creating a secure environment for personal information. 

By taking proactive steps and fostering a culture of cybersecurity awareness, the healthcare sector can better protect itself and its patients from the ever-evolving landscape of cyber threats.

Poland Pushes for Shorter Drug Data Protection in EU

 


At a recent EU meeting in Luxembourg, Poland supported a European Commission proposal to shorten the time new drugs are protected by data exclusivity rules. Health Minister Izabela Leszczyna said Poland prefers one year of market protection over longer periods of data protection.

In April 2023, the European Commission suggested reducing the data exclusivity period for drugs from eight to six years. Minister Leszczyna agreed, saying this would help people access new treatments more quickly without adding extra paperwork. She also proposed one year of market protection for new uses of existing drugs instead of extending data protection.

Balancing Incentives and Access

Minister Leszczyna emphasised that Poland supports measures to ensure all EU countries have access to modern treatments. She suggested that incentives should focus on market protection and not last longer than a year. For drugs treating rare diseases, extending protection could be considered, but for other drugs, different solutions should be found.

Challenges in Generic Drug Production 

Krzysztof Kopeć, President of the Polish Association of Pharmaceutical Industry Employers, highlighted issues with drug shortages, especially for generic drugs. He explained that producing drugs in Europe is becoming less profitable, leading to shortages. Although the European Commission wants to boost drug production in Europe, current regulations do not support this, and production costs are higher in Europe than in Asia.

Concerns from Innovative Drug Companies

Innovative drug companies argue that changing existing intellectual property rules is not the answer to drug access problems. They believe the current rules should continue to support innovation and ensure EU patients can access new treatments. Michał Byliniak, General Director of INFARMA, stressed the need for EU reforms to improve drug supply security, availability, and affordability while also supporting new drug development.

INFARMA is discussing potential risks of shorter protection periods with the Ministry of Health and other stakeholders. They warn that reducing protection could limit access to advanced treatments. INFARMA supports keeping current data protection levels and creating incentives to promote innovation, address unmet medical needs, and encourage research in the EU.

Poland's support for a shorter data exclusivity period shows its commitment to balancing access to new treatments, innovation, and economic realities in the EU drug industry. As discussions continue, the goal remains to create rules that ensure safe, effective, and affordable medicines are available to everyone in Europe.



AI Accelerates Healthcare's Digital Transformation

 


Throughout the healthcare industry, CIOs are implementing technologies that allow precision diagnostics, reduce clinician workload, and automate back-office functions, from ambient documentation to machine learning-based scheduling. A lot of data is available in Penn Medicine BioBank, an institution run by the University of Pennsylvania Health System. A team led by Michael Restuccia, SVP and Chief Information Officer, saw the opportunity to use this data for the benefit of patients at the research hospital.

Charles Kahn, a physician, professor, and vice chair of radiology at the University of Pennsylvania Perelman School of Medicine, says that understanding the characteristics of a population and how a particular individual differs from the rest allows clinicians to intervene earlier in the condition in question. Penn is just one example of a group of innovative healthcare organizations pushing the envelope in the digitization of healthcare that have earned the CIO100 award over the past few years. Stanford Medicine Children’s Health, the University of Miami Health System, and Atlantic Health have all begun working on precision medicine, machine learning, ambient documentation and other projects.

From a clinical point of view, Bill Fera, MD, the principal who leads Deloitte Consulting’s AI practice, says that we’re witnessing a growing number of advances in radiology, diagnostic services, and pathology. It is very noteworthy that the AI-powered CT scan analysis system is one of the first systems to be implemented in clinical practice, partly because academic medical practices that conduct research can build and operate their own tools without the burden of obtaining FDA approval, which is what healthcare product manufacturers have to deal with. 

The system did not come together overnight. According to Donovan Reid, associate director of information services applications at Penn Medicine, it took at least two years for the algorithm to be ready for real-time deployment, and four years before the system finally became operational last year. "It took us hopefully two years to get it ready for actual deployment," he says. Due to the large amount of processing resources required, the team decided to host the algorithm in the cloud.

As a result, the data was encrypted before it was sent to the cloud for processing, and the results were returned to the radiology report after the processing was completed. This was coordinated by the IT team, who developed an AI orchestrator that will be made available to other healthcare providers as a free software package. According to Penn professor Walter Witschey, the availability of this will be a great help for community service hospitals. 

The team faced a couple of challenges before the system was up and running. IT was concerned about the impact of imaging data flows on infrastructure, and the amount of computing resources available at any given time had to be matched to the number of imaging studies being requested. Additionally, the system had to be able to provide results as soon as possible. Surprisingly, the direct cost, outside of labor, is only about $700 per month. “Doctors want interpretation right away, not at 4 a.m.,” she says.

Over 6,000 scans have already been processed through the system, and the team now plans to expand the application to accommodate more of the 1.5 million imaging scans that the hospital system performs on an annual basis.

Web3 in Healthcare: Privacy, Consent, and Equity


The convergence of Web3 technologies and the healthcare industry has sparked significant interest and investment. As blockchain, decentralized applications (dApps), and smart contracts gain traction, the potential benefits for healthcare are immense. However, this rapid adoption also brings cybersecurity challenges that must be addressed.

The Promise of Web3 in Healthcare

1. Decentralization and Data Ownership

Web3 technologies promise to decentralize control over health data. Patients can own and manage their medical records, granting access to healthcare providers as needed. This shift empowers individuals, enhances privacy, and streamlines data sharing.

2. Interoperability

Blockchain-based solutions enable seamless data exchange across disparate systems. Interoperability can improve care coordination, reduce administrative overhead, and enhance patient outcomes.

3. Supply Chain Transparency

Web3 can revolutionize pharmaceutical supply chains. By tracking drug provenance on an immutable ledger, we can prevent counterfeit drugs from entering the system.

The Cybersecurity Challenge

1. Smart Contract Vulnerabilities

Smart contracts, the backbone of dApps, are susceptible to coding errors. High-profile incidents like the 2016 DAO hack ($50 million stolen) underscore the need for rigorous auditing and secure coding practices.

2. Data Privacy Risks

While Web3 promises data ownership, it also introduces new privacy risks. Public blockchains expose transaction details, potentially compromising patient confidentiality.

3. Ransomware Attacks

Healthcare organizations are prime targets for ransomware attacks. Web3 adoption increases the attack surface, as hospitals and clinics integrate blockchain-based systems.

Notable Incidents

1. Change Healthcare Breach (2023)

Change Healthcare, a major player in healthcare payment processing, suffered a cyberattack. Hackers exploited a vulnerability in their Web3-enabled billing platform, compromising patient data and disrupting financial transactions. The incident cost the company millions in fines and legal fees.

2. PharmaChain Supply Chain Attack (2022)

PharmaChain, a blockchain-based drug tracking platform, fell victim to a supply chain attack. Malicious actors injected counterfeit drug information into the ledger, leading to patient harm. The incident highlighted the need for robust security protocols.

Safe Future: Preventive Measures

1. Code Audits

Thoroughly audit smart contracts before deployment. Engage security experts to identify vulnerabilities and ensure robust coding practices.

2. Privacy-Enhancing Technologies

Explore privacy-focused blockchains (e.g., Monero, Zcash) for sensitive health data. Implement zero-knowledge proofs to protect patient privacy.

3. Incident Response Plans

Healthcare organizations must develop comprehensive incident response plans. Regular drills and training are essential to minimize damage during cyberattacks.

Rethinking the Cloud: Why Companies Are Returning to Private Solutions


In the past ten years, public cloud computing has dramatically changed the IT industry, promising businesses limitless scalability and flexibility. By reducing the need for internal infrastructure and specialised personnel, many companies have eagerly embraced public cloud services. However, as their cloud strategies evolve, some organisations are finding that the expected financial benefits and operational flexibility are not always achieved. This has led to a new trend: cloud repatriation, where businesses move some of their workloads back from public cloud services to private cloud environments.

Choosing to repatriate workloads requires careful consideration and strategic thinking. Organisations must thoroughly understand their specific needs and the nature of their workloads. Key factors include how data is accessed, what needs to be protected, and cost implications. A successful repatriation strategy is nuanced, ensuring that critical workloads are placed in the most suitable environments.

One major factor driving cloud repatriation is the rise of edge computing. Research from Virtana indicates that most organisations now use hybrid cloud strategies, with over 80% operating in multiple clouds and around 75% utilising private clouds. This trend is especially noticeable in industries like retail, industrial sectors, transit, and healthcare, where control over computing resources is crucial. The growth of Internet of Things (IoT) devices has played a defining role, as these devices collect vast amounts of data at the network edge.

Initially, sending IoT data to the public cloud for processing made sense. But as the number of connected devices has grown, the benefits of analysing data at the edge have become clear. Edge computing offers near real-time responses, improved reliability for critical systems, and reduced downtime—essential for maintaining competitiveness and profitability. Consequently, many organisations are moving workloads back from the public cloud to take advantage of localised edge computing.

Concerns over data sovereignty and privacy are also driving cloud repatriation. In sectors like healthcare and financial services, businesses handle large amounts of sensitive data. Maintaining control over this information is vital to protect assets and prevent unauthorised access or breaches. Increased scrutiny from CIOs, CTOs, and boards has heightened the focus on data sovereignty and privacy, leading to more careful evaluations of third-party cloud solutions.

Public clouds may be suitable for workloads not bound by strict data sovereignty laws. However, many organisations find that private cloud solutions are necessary to meet compliance requirements. Factors to consider include the level of control, oversight, portability, and customization needed for specific workloads. Keeping data within trusted environments offers operational and strategic benefits, such as greater control over data access, usage, and sharing.

The trend towards cloud repatriation shows a growing realisation that the public cloud is not always the best choice for every workload. Organisations are increasingly making strategic decisions to align their IT infrastructure with their specific needs and priorities.



Cyberattacks Threaten US Hospitals: Patient Care at Risk


 

A severe cyberattack on Ascension, one of the largest healthcare systems in the United States, has disrupted patient care significantly. The ransomware attack, which began on May 8, has locked medical providers out of critical systems that coordinate patient care, including electronic health records and medication ordering systems. This disruption has led to alarming lapses in patient safety, as reported by health care professionals across the nation.

Marvin Ruckle, a nurse at Ascension Via Christi St. Joseph in Wichita, Kansas, highlighted the chaos, recounting an incident where he almost administered the wrong dose of a narcotic to a baby due to confusing paperwork. Such errors were unheard of when the hospital’s computer systems were operational. Similarly, Lisa Watson, an ICU nurse at Ascension Via Christi St. Francis, narrowly avoided giving a critically ill patient the wrong medication, emphasising the risks posed by the shift from digital to manual systems.

The attack has forced hospitals to revert to outdated paper methods, creating inefficiencies and increasing the potential for dangerous mistakes. Watson explained that, unlike in the past, current systems for timely communication and order processing have disappeared, exacerbating the risk of errors. Melissa LaRue, another ICU nurse, echoed these concerns, citing a close call with a blood pressure medication dosage error that was fortunately caught in time.

Health care workers at Ascension hospitals in Michigan reported similar issues. A Detroit ER doctor shared a case where a patient received the wrong medication due to paperwork confusion, necessitating emergency intervention. Another nurse recounted a fatal delay in receiving lab results for a patient with low blood sugar. These incidents highlight the dire consequences of prolonged system outages.

Justin Neisser, a travel nurse at an Indiana Ascension hospital, chose to quit, warning of potential delays and errors in patient care. Many nurses and doctors fear that these systemic failures could jeopardise their professional licences, drawing parallels to the high-profile case of RaDonda Vaught, a nurse convicted of criminally negligent homicide for a fatal drug error.

The health sector has become a prime target for ransomware attacks. According to the FBI, health care experienced the highest share of ransomware incidents among 16 critical infrastructure sectors in 2023. Despite this, many hospitals are ill-prepared for prolonged cyberattacks. John Clark, an associate chief pharmacy officer at the University of Michigan, noted that most emergency plans cover only short-term downtimes.

Ascension's response to the attack included restoring access to electronic health records by mid-June, but patient information from the outage period remains temporarily inaccessible. Ascension has asserted that its care teams are trained for such disruptions, though many staff members, like Ruckle, reported receiving no specific training for cyberattacks.

Federal efforts to enhance health care cybersecurity are ongoing. The Department of Health and Human Services (HHS) has encouraged improvements in email security, multifactor authentication, and cybersecurity training. However, these measures are currently voluntary. The Centers for Medicare & Medicaid Services (CMS) are expected to release new cybersecurity requirements, though details remain unclear.

The American Hospital Association (AHA) argues that cybersecurity mandates could divert resources needed to combat attacks. They contend that many data breaches originate from third-party associates rather than hospitals themselves. Nevertheless, experts like Jim Bagian believe that health systems should face consequences for failing to implement basic cybersecurity protections.

The cyberattack on Ascension calls for robust cybersecurity measures in health care. As hospitals consolidate into larger systems, they become more vulnerable to data breaches and ransomware attacks. Health care professionals and patients alike are calling for transparency and improvements to ensure safety and quality care. The situation at Ascension highlights the critical nature of cybersecurity preparedness in protecting patient lives.


Defending Hospitals and Clinics: Strategies Against Ransomware


The healthcare industry has become a prime target for ransomware attacks in recent years. These malicious campaigns exploit vulnerabilities in healthcare systems, disrupt critical services, and compromise sensitive patient data. 

According to Steve Stone, president of Rubrik's Zero Labs, ransomware is one of the levers changing how enterprises think about risk. Zero Labs' latest analysis shows that healthcare firms are more likely to lose 20% of their sensitive data after a ransomware attack.

This blog post will explore why healthcare organizations are at risk and discuss strategies to mitigate these threats.

1. Data Sensitivity and Volume

Healthcare organizations handle vast amounts of sensitive data, including patient records, medical histories, and financial information. This data is a goldmine for cybercriminals seeking economic gain. According to recent reports, healthcare data breaches cost organizations an average of $7.13 million per incident. The sheer volume of sensitive data makes healthcare an attractive target.

2. Architectural Similarities

While ransomware operators don’t exclusively focus on healthcare, the industry shares architectural nuances with other sectors. For instance:

Legacy Systems: Many healthcare institutions still rely on legacy systems that lack robust security features. These outdated systems are more susceptible to attacks.

Interconnected Networks: Healthcare networks connect various entities—hospitals, clinics, laboratories, and insurance providers. This interconnectedness creates multiple entry points for attackers.

Medical Devices: Internet of Things (IoT) devices, such as MRI machines and infusion pumps, are integral to patient care. However, they often lack proper security controls, making them vulnerable.

3. Risk Surface Area

Preventing ransomware starts with understanding your risk surface area. Here’s how healthcare organizations can reduce their exposure:

Identity Management: Properly managing user identities and access rights is crucial. Limiting access to sensitive data based on roles and responsibilities helps prevent unauthorized changes.

Data Visibility: Organizations must know where sensitive data resides, both on-premises and in the cloud. Regular audits and data classification are essential.

Backup and Recovery: Robust backup solutions are critical. Regularly backing up data ensures that even if ransomware strikes, organizations can restore systems without paying the ransom.

4. Incident Response Challenges

Healthcare organizations face unique challenges in incident response:

Hybrid Environments: Many healthcare systems operate in hybrid environments—partly on-premises and partly in the cloud. Coordinating incident response across these environments can be complex.

Patient Safety: Ransomware attacks can disrupt critical services, affecting patient care. Balancing data protection with patient safety is a delicate task.

Collaboration: Effective incident response requires collaboration among IT teams, legal departments, and external cybersecurity experts.

The High Cost of Ransomware: Change Healthcare’s $22 Million Payout and Its Aftermath


A Costly Decision: The $22 Million Ransom

When Change Healthcare paid $22 million in March to a ransomware gang that had devastated the company as well as hundreds of hospitals, medical practices, and pharmacies throughout the US, the cybersecurity industry warned that Change's extortion payment would only fuel a vicious cycle. 

It appeared that rewarding hackers who had carried out a merciless act of sabotage against the US health-care system with one of the largest ransomware payments in history would stimulate a new wave of attacks on similarly vulnerable victims. The wave has arrived.

This decision came after a crippling cyberattack that not only brought the company to its knees but also impacted hundreds of hospitals, medical practices, and pharmacies nationwide.

The ransomware attack on Change Healthcare was not just another statistic; it was a ruthless act of sabotage against the US healthcare system. The payment made by Change Healthcare is one of the largest ransomware payouts in history and has raised serious concerns about the implications of such actions.

Cybersecurity Warnings Ignored: The Ripple Effect

Cybersecurity experts have long warned against paying ransoms to cybercriminals. The rationale is straightforward: meeting hackers’ demands fuels a vicious cycle, encouraging them to continue their nefarious activities with the knowledge that their tactics are effective. In the case of Change Healthcare, this warning was not heeded, and the consequences were immediate and alarming.

Record-breaking Surge in Healthcare Cyberattacks

According to cybersecurity firm Recorded Future, there was a record-breaking spike in medical-targeted ransomware incidents following Change Healthcare’s payout. A total of 44 health-care-related cyberattacks were reported in just one month after the incident came to light—the most ever recorded in such a short span. This surge serves as a grim reminder of the potential fallout from capitulating to cybercriminals’ demands.

Why Healthcare is a Prime Target for Ransomware

The healthcare sector has become an increasingly attractive target for ransomware gangs. The reason is twofold: healthcare organizations often possess sensitive patient data, and they operate under the pressure of needing to maintain uninterrupted services. This combination makes them more likely to pay ransoms quickly to restore operations and protect patient privacy.

The aftermath of Change Healthcare’s payment is a testament to the broader implications of ransomware attacks on critical infrastructure. It’s not just about the immediate financial loss; it’s about the long-term impact on trust and security in an industry that is integral to public well-being.

Ransomware Attack on Pathology Services Vendor Disrupts NHS Care in London

 

A ransomware attack on a pathology services vendor earlier this week continues to disrupt patient care, including transplants, blood testing, and other services, at multiple NHS hospitals and primary care facilities in London. The vendor, Synnovis, is struggling to recover from the attack, which has affected all its IT systems, leading to significant interruptions in pathology services. The Russian-speaking cybercriminal gang Qilin is believed to be behind the attack. Ciaran Martin, former chief executive of the U.K. National Cyber Security Center, described the incident as "one of the more serious" cyberattacks ever seen in England. 

Speaking to the BBC, Martin indicated that the criminal group was "looking for money" by targeting Synnovis, although the British government maintains a policy against paying ransoms. Synnovis is a partnership between two London-based hospital trusts and SYNLAB. The attack has caused widespread disruption. According to Brett Callow, a threat analyst at security firm Emsisoft, the health sector remains a profitable target for cybercriminals. He noted that attacks on providers and their supply chains will persist unless security is bolstered and financial incentives for such attacks are removed. 

In an update posted Thursday, the NHS reported that organizations across London are working together to manage patient care following the ransomware attack on Synnovis. Affected NHS entities include Guy's and St Thomas' NHS Foundation Trust and King's College Hospital NHS Foundation Trust, both of which remain in critical incident mode. Other impacted entities are Oxleas NHS Foundation Trust, South London and Maudsley NHS Foundation Trust, Lewisham and Greenwich NHS Trust, Bromley Healthcare, and primary care services in South East London. 

The NHS stated that pathology services at the impacted sites are available but operating at reduced capacity, prioritizing urgent cases. Urgent and emergency services remain available, and patients are advised to access these services normally by dialing 999 in emergencies or using NHS 111. The Qilin ransomware group, operating on a ransomware-as-a-service model, primarily targets critical infrastructure sectors. According to researchers at cyber threat intelligence firm Group-IB, affiliate attackers retain between 80% and 85% of extortion payments. Synnovis posted a notice on its website Thursday warning clinicians that all southeast London phlebotomy appointments are on hold to ensure laboratory capacity is reserved for urgent requests. 

Several phlebotomy sites specifically managed by Synnovis in Southwark and Lambeth will be closed from June 10 "until further notice." "We are incredibly sorry for the inconvenience and upset caused to anyone affected." Synnovis declined to provide additional details about the incident, including speculation about Qilin's involvement. The NHS did not immediately respond to requests for comment, including clarification about the types of transplants on hold at the affected facilities. The Synnovis attack is not the first vendor-related incident to disrupt NHS patient services. Last July, a cyberattack against Ortivus, a Swedish software and services vendor, disrupted access to digital health records for at least two NHS ambulance services in the U.K., forcing paramedics to use pen and paper. 

Additionally, a summer 2022 attack on software vendor Advanced, which provides digital services for the NHS 111, resulted in an outage lasting several days. As the healthcare sector continues to face such cybersecurity threats, enhancing security measures and removing financial incentives for attackers are crucial steps toward safeguarding patient care and data integrity.

Cyberattack on London Hospitals Disrupts Cancer Care

In a shocking turn of events, major hospitals in London recently fell victim to a cyberattack orchestrated by a Russian criminal group. The attack targeted critical healthcare infrastructure, leading to the cancellation of hundreds of appointments, including urgent cancer diagnoses and life-saving procedures. Let’s delve into the details of this alarming incident.

The Attack

Guy’s and St Thomas’ Foundation Trust (GSTT) and King’s College University Hospital NHS Foundation Trust found themselves at the center of a digital storm. The attackers exploited vulnerabilities in the hospital systems, gaining unauthorized access to sensitive patient data and disrupting essential services. The impact was far-reaching, affecting not only London but potentially extending to other hospitals as well.

Immediate Consequences

Emergency Procedures Canceled: Over 200 emergency and life-saving procedures were abruptly canceled. Patients awaiting critical surgeries faced uncertainty and anxiety as hospitals scrambled to contain the situation.

Urgent Cancer Diagnoses Delayed: The attack disrupted the referral process for cancer patients. More than 3,000 non-surgical appointments were postponed, leaving patients in limbo. For those awaiting cancer diagnoses, every day counts, and delays can have serious consequences.

Synnovis Under Scrutiny: The attack was traced back to Synnovis, a supplier that provides services to several hospitals. Authorities are investigating how the breach occurred and whether other hospitals relying on Synnovis are also at risk.

Long-Term Implications

Patient Trust Eroded: Trust is the bedrock of healthcare. The cyberattack eroded patient trust in the system. Patients now wonder if their personal information is safe and whether hospitals can protect them from digital threats.

Operational Challenges: Hospitals face operational challenges as they grapple with the aftermath. Restoring systems, ensuring data integrity, and fortifying cybersecurity protocols demand significant resources and expertise.

Lessons Learned: The incident is a wake-up call for healthcare institutions worldwide. It underscores the need for robust cybersecurity measures, regular audits, and proactive threat detection.

Mitigation Efforts

Immediate Response: Hospitals swiftly activated their incident response teams. They isolated affected systems, notified patients, and initiated recovery processes.

Collaboration: Healthcare organizations collaborated with law enforcement agencies, cybersecurity experts, and other hospitals. Sharing insights and best practices is crucial to preventing future attacks.

Public Awareness: Raising awareness about cyber threats is essential. Patients need to understand the risks and be vigilant about protecting their personal health information.

Strengthening Healthcare Cybersecurity: A Collaborative Imperative

 

In recent years, cyberattacks have surged, putting every segment of the nation's healthcare system—from hospitals and physician practices to payment processing companies and biomedical facilities—under stress. These attacks disrupt patient care and cost the industry billions. Erik Decker, Vice President and Chief Information Security Officer (CISO) at Intermountain Health, emphasized the need for an "adversarial mindset" to counter these sophisticated threats during a recent U.S. News and World Report virtual event. 

Decker, who also chairs the Joint Cybersecurity Working Group of the Healthcare Sector Coordinating Council, highlighted that cybercriminals aim to maximize profits swiftly, targeting vulnerable points within the healthcare sector. Marc Maiffret, Chief Technology Officer of BeyondTrust, explained that attackers typically infiltrate through three primary avenues: social engineering, misconfigured devices, and risky third-party connections. Social engineering often involves phishing emails or impersonation calls to service desks, where attackers request the enrollment of new devices using compromised credentials. 

Misconfigured devices exposed to the internet also provide easy entry points for attackers. The third method involves exploiting unattended remote access systems. Once inside, cybercriminals often target active directory and administrator workstations to gain critical credentials. To bolster defenses, Decker highlighted that the Department of Health and Human Services offers resources and voluntary cybersecurity performance goals developed with the HSCC’s Joint Cybersecurity Working Group. 

Zeynalov described Cleveland Clinic's approach of understanding the business thoroughly and aligning cybersecurity measures with healthcare needs. His team visited various locations to map the patient journey from admission to discharge, ensuring that protections are seamless and do not hinder patient care. Incident response planning is crucial. Maiffret advised against overly imaginative scenarios, favoring practical preparedness. Decker recommended establishing clear command structures and regularly simulating attack responses to build effective "muscle memory." “Your event that happens will never happen according to the way you planned it. 

For smaller, financially constrained hospitals, Zeynalov advocated for shared defense strategies. The Biden Administration’s 2025 fiscal year budget proposal allocates $1.3 billion through HHS to support cybersecurity adoption in under-resourced hospitals, reminiscent of the electronic medical records stimulus from the American Recovery and Reinvestment Act. 

Ultimately, the panelists emphasized a collaborative defense approach to withstand sophisticated cyber threats. By pooling resources and strategies, the healthcare sector can enhance its resilience against the ever-evolving landscape of cybercrime. This shared defense strategy is crucial, as Decker concluded, “We cannot do this stuff individually, trying to stop the types of organizations that are coming after us.” By uniting efforts, the healthcare industry can better protect itself and ensure the safety and trust of its patients.

Ransomware Attacks in Healthcare: A Threat to Patient Safety

A ransomware attack on a major U.S. hospital network has been endangering patients’ health. Nurses are forced to manually enter prescription information and work without electronic health records. Cyberattacks have become an alarming concern for healthcare institutions worldwide.

The recent ransomware attack on Ascension Providence Rochester Hospital in the United States highlights the critical need for robust cybersecurity measures within the healthcare sector.

The incident

The hospital’s computer systems were compromised by malicious actors who infiltrated their network. The attackers deployed ransomware, encrypting critical files and rendering electronic health records (EHRs) inaccessible. Suddenly, nurses were navigating a chaotic environment where paper records replaced digital ones. The impact was immediate and far-reaching.

Patient safety at risk

  • Manual Processes: Nurses were forced to revert to manual processes for tasks that were previously automated. Prescription orders, patient histories, and treatment plans had to be recorded on paper. This shift disrupted workflows, increased administrative burden, and introduced the risk of errors.
  • Delayed Care: With EHRs offline, accessing patient information became time-consuming. Nurses had to physically search for records, leading to delays in providing care. In emergencies, every second counts, and any delay could jeopardize patient well-being.
  • Medication Errors: Manually transcribing medication orders is error-prone. Misreading handwritten notes or mistyping dosage instructions can have serious consequences. Patient safety hinges on accurate and timely administration of medications, and the ransomware attack disrupted this critical process.
  • Communication Challenges: Collaborating with physicians, pharmacists, and other healthcare professionals became challenging. Without EHRs, nurses struggled to share vital patient information efficiently. Effective communication is essential for coordinated care, and the attack hindered this aspect.

The broader implications

  • Financial Impact: Beyond patient safety, the financial toll of ransomware attacks is substantial. Hospitals must allocate resources to recover data, strengthen security, and address vulnerabilities. These costs divert funds from patient care and research.
  • Public Trust: Patients rely on hospitals to safeguard their sensitive information. A breach erodes trust and raises privacy concerns. Hospitals must transparently communicate such incidents to maintain public confidence.
  • Preventive Measures: Healthcare institutions must prioritize cybersecurity. Regular security audits, employee training, and robust backup systems are essential. Proactive measures can prevent attacks or minimize their impact.

Healthcare organizations must invest in cybersecurity infrastructure, collaborate with experts, and stay vigilant. Patient safety is non-negotiable, and protecting it requires a collective effort. Let us learn from this event and fortify our defenses against cyber threats in the healthcare sector.

One in Three Healthcare Providers at Risk, Report Finds


 

A recent report reveals that more than a third of healthcare organisations are unprepared for cyberattacks, despite an apparent rise in such incidents. Over the past three years, over 30% of these organisations have faced cyberattacks. The HHS Office for Civil Rights has reported a 256% increase in large data breaches involving hacking over the last five years, highlighting the sector's growing vulnerability.

Sensitive Data at High Risk

Healthcare organisations manage vast amounts of sensitive data, predominantly in digital form. This makes them prime targets for cybercriminals, especially since many operators have not sufficiently encrypted their data at rest or in transit. This lack of security is alarming, considering the high value of protected health information (PHI), which includes patient data, medical records, and insurance details. Such information is often sold on the dark web or used to ransom healthcare providers, forcing them to pay up to avoid losing critical patient data.

In response to the surge in cyberattacks, federal regulators and lawmakers have taken notice. The HHS recently released voluntary cybersecurity guidelines and is considering the introduction of enforceable standards to enhance the sector's defences. However, experts stress that healthcare systems must take proactive measures, such as conducting regular risk analyses, to better prepare for potential threats. Notably, the report found that 37% of healthcare organisations lack a contingency plan for cyberattacks, even though half have experienced such incidents.

To address these challenges, healthcare organisations need to implement several key strategies:

1. Assess Security Risks in IT Infrastructure

Regular cyber risk assessments and security evaluations are essential. These assessments should be conducted annually to identify new vulnerabilities, outdated policies, and security gaps that could jeopardise the organisation. Comprehensive cybersecurity audits, whether internal or by third parties, provide a thorough overview of the entire IT infrastructure, including network, email, and physical device security.

2. Implement Network Segmentation

Network segmentation is an effective practice that divides an organisation's network into smaller, isolated subnetworks. This approach limits data access and makes it difficult for hackers to move laterally within the network if they gain access. Each subnetwork has its own security rules and access privileges, enhancing overall security by preventing unauthorised access to the entire network through a single vulnerability.


3. Enforce Cybersecurity Training and Education

Human error is a growing factor in data breaches. To mitigate this, healthcare organisations must provide comprehensive cybersecurity training to their staff. This includes educating employees on secure password creation, safe internet browsing, recognizing phishing attacks, avoiding unsecured Wi-Fi networks, setting up multi-factor authentication, and protecting sensitive information such as social security numbers and credit card details. Regular updates to training programs are necessary to keep pace with the evolving nature of cyber threats.

By adopting these measures, healthcare organisations can significantly bolster their defences against cyberattacks, safeguarding sensitive patient information and maintaining compliance with HIPAA standards. 
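The network segmentation strategy (item 2 above) can be checked with a small model. The following is an added example, not taken from the report or the original post: it compares a flat network with a default-deny segmented one and computes which segments an intruder could reach from each starting point by chaining allowed flows. The segment names, address ranges, ports and allow rules are constructed assumptions.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed sample segments for a hypothetical hospital network.
SEGMENTS = {
    name: ip_network(cidr)
    for name, cidr in {
        "guest_wifi": "10.10.0.0/24",
        "workstations": "10.20.0.0/24",
        "ehr_servers": "10.30.0.0/24",
        "med_devices": "10.40.0.0/24",
        "backups": "10.50.0.0/24",
    }.items()
}

ANY = None  # wildcard port in a rule

# Constructed allow-list: (source segment, destination segment, TCP port).
# Anything not listed is denied (default deny between segments).
SEGMENTED_RULES = [
    ("workstations", "ehr_servers", 443),  # clinicians use the EHR web front end
    ("med_devices", "ehr_servers", 2575),  # device results feed (assumed port)
    ("ehr_servers", "backups", 22),        # backup job pushes from the EHR tier
]


def flat_rules():
    """A flat network: every segment may reach every other on any port."""
    names = list(SEGMENTS)
    return [(s, d, ANY) for s in names for d in names if s != d]


def segment_of(ip):
    """Return the name of the segment containing ip, or None if unknown."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(rules, src_ip, dst_ip, port):
    """Decide a single flow. Unknown addresses are denied; traffic inside
    one segment is not filtered by the inter-segment policy."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True
    return any(s == src and d == dst and p in (ANY, port) for s, d, p in rules)


def blast_radius(rules, start):
    """Segments reachable from start by chaining allowed flows (BFS).
    This is the lateral-movement exposure if start is compromised."""
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for src, dst, _port in rules:
            if src == current and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def exposure_report(rules):
    """Map each segment to the other segments reachable from it."""
    return {name: sorted(blast_radius(rules, name) - {name}) for name in SEGMENTS}


if __name__ == "__main__":
    for label, rules in (("flat", flat_rules()), ("segmented", SEGMENTED_RULES)):
        print(label)
        for segment, reachable in exposure_report(rules).items():
            print(f"  {segment:13} -> {reachable}")
```

In the segmented policy a compromised workstation still reaches the backups through the EHR tier, which is why allow rules should be reviewed as chains rather than one at a time.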


From Crisis to Continuity: Ascension Ransomware's Ongoing Toll on Healthcare

 


Ascension Michigan is providing more information about how a recent ransomware attack is affecting patient care at eight Detroit-area hospitals. In May, St. Louis-based Ascension reported a major attack on its nationwide healthcare services, which resulted in some disruptions to care nationwide.

Ascension has been working hard to resolve those issues. The hospitals are in Novi, Rochester Hills, Southfield, Madison Heights, Warren, Detroit, East China Township and Grand Blanc, all located in Southeast Michigan. Since the attack occurred, some patient documentation and records are still being handled manually and on paper.

A statement from Ascension Michigan late Monday, May 13, said that all 15 Michigan hospitals, physician offices, and care centres remain open, but operations are not yet back to normal. Even though Ascension hospitals and facilities are open and continuing to care for patients, the system says that some of their patient services are being affected. Some procedures, appointments, and tests have been postponed because of the cyberattack.

To cope with the cyberattack, some Ascension hospitals are diverting patients to other hospitals. According to the system, steps are being taken to handle emergencies appropriately. In a statement issued by Ascension, the company said, “Safety remains our top priority as we navigate this cybersecurity incident.” Ascension, based in St. Louis, operates 140 hospitals and 40 senior centres in 19 states and Washington, D.C.

Ascension has said in a statement that the patient portal MyChart and electronic health records have gone offline. The system is using paper records, and orders for medication, diagnostic tests, and other records are completed manually by the doctor. According to the St. Louis-based parent company, which announced a ransomware attack about a week ago, the system is making some progress after working around the clock over the weekend.

Besides the Saint Thomas hospital system that it runs throughout the state, the company also operates several other healthcare facilities, including physical therapy offices, sleep centres, and heart hospitals. Ascension has been providing updates on the situation since the event on May 8. The following day, the company issued a statement saying it was working with several law enforcement agencies to investigate a suspected ransomware attack that was detected on the company's servers.

The company also confirmed the next day that the unusual activity had been caused by ransomware. Several organizations, including the American Hospital Association, have pointed to Black Basta, a well-known Russian-speaking ransomware gang, as being responsible for the attack. The company has not yet commented on who is behind the attack. The U.S. government requires health companies to report breaches that affect more than 500 people within 60 days. 

The Department of Health and Human Services is responsible for health care delivery. Ascension has not yet been listed in the agency's complaint portal, which indicates the incidents it is investigating. The portal does, however, list 23 other cases of this sort in Tennessee over the past few years. On the black market, health data is worth more than credit card numbers and social security numbers.

Over the past five years, there has been at least a double-digit increase in cyberattacks targeting U.S. healthcare companies. Walk-in patients are welcome to receive care at each of Ascension Michigan's emergency departments, according to the statement. In some cases, Ascension facilities have implemented the "diversion process," in which ambulances bypass these facilities and go to another location instead.

Several factors may affect the decision to divert patients, such as the severity and frequency of the case, the service lines available, and the availability of the facility. Ascension said it had communicated with emergency medical service providers regarding the facility's availability.

According to a press statement issued by Ascension, patients suffering from medical emergencies are advised to call 911, and first responders will send them to the appropriate hospital based on their needs. According to the statement released by Ascension, the incident will affect different Michigan hospitals in different ways.

Ascension Ransomware Incident Continues to Impact Patient Services

In the aftermath of the recent Ascension ransomware attack, patients scheduled for elective surgeries are advised to adhere to their original appointments unless otherwise notified by Ascension staff. However, due to the transition to manual systems for patient documentation, patients may experience prolonged wait times and potential delays during their visits.

To expedite the process, patients are encouraged to bring detailed notes on their symptoms and a comprehensive list of current medications, including prescription numbers or bottles. Diagnostic tests, crucial for patient care, have faced temporary delays in some facilities as resources are redirected to prioritize inpatient and emergency services. Patients requiring rescheduled diagnostic imaging and testing will be promptly contacted by Ascension. 

Despite the operational challenges posed by the attack, Ascension Michigan's doctor’s offices and care sites remain open during regular business hours, with scheduled appointments proceeding as planned in most cases. Patients will be notified promptly if rescheduling becomes necessary. Similarly, patients are advised to carry comprehensive documentation of their symptoms and medications to facilitate smooth consultations. Pharmacy services within the Ascension network continue to operate, albeit with certain limitations. 

While prescriptions can still be filled, patients are requested to provide their prescription bottles from prior fills. Furthermore, Ascension pharmacies are unable to process credit card payments at this time. Ascension has not provided a definitive timeline for the restoration of normal system operations. Additionally, the organization is conducting an ongoing investigation, in collaboration with the FBI, to ascertain the extent of any potential compromise to patients' personal information. 

Affected patients will be duly notified if their data has been impacted. Of notable significance, the ransomware incident occurred amidst an ongoing joint venture between Ascension and Henry Ford Health, aimed at integrating eight southeast Michigan Ascension hospitals and an addiction treatment facility in Brighton into the Henry Ford Health System. This venture, announced in the previous fall, is anticipated to be finalized and branded Henry Ford Health in the summer of 2024.

It is important to clarify that this venture does not constitute a merger or acquisition, as stated by both healthcare entities. In conclusion, while Ascension works diligently to restore normalcy to its operations, patients are encouraged to remain vigilant and patient amidst any potential disruptions to their healthcare services.

Cyber Criminal Sentenced for Targeting Therapy Patients


In a recent legal case that has shaken Finland, cyber offender Julius Kivimäki, known online as Zeekill, has been sentenced to six years and three months behind bars for his involvement in a sophisticated cybercrime operation. The case revolves around the breach of Vastaamo, Finland's largest psychotherapy provider, where Kivimäki gained unauthorised access to sensitive patient records.

The Extent of the Breach

Kivimäki's method involved infiltrating Vastaamo's databases, compromising the privacy of thousands of therapy patients. After his unsuccessful attempt to extort a large sum of money from the company, he resorted to directly threatening patients with exposure of their therapy sessions unless they paid up. The repercussions of his actions were severe, with at least one suicide linked to the breach, leaving the nation in shock.

Legal Proceedings and Conviction

Throughout the trial, Kivimäki insisted on his innocence, even going as far as evading authorities and fleeing. However, the court found him guilty on all counts, emphasizing his ruthless exploitation of vulnerable individuals. The judges emphasized the significant suffering inflicted upon the victims, given Vastaamo's role as a mental health service provider.

A History of Cybercrime

Kivimäki's criminal journey began at a young age, when he participated in various cyber gangs notorious for causing chaos between 2009 and 2015. Despite being apprehended at the age of 15 and receiving a juvenile sentence, he persisted in his illicit activities, culminating in the Vastaamo breach.

How Law Enforcement Cracked the Case

Law enforcement's efforts, combined with advanced digital forensics and cryptocurrency tracking, played a pivotal role in securing Kivimäki's conviction. His misstep led authorities to a server containing a wealth of incriminating evidence, aiding in his arrest and subsequent sentencing.

The Human Toll of Cyber Intrusion

Tiina Parikka, one of the affected patients, described the profound impact of receiving Kivimäki's threatening email, leading to a deterioration in her mental health. The breach not only compromised patients' privacy but also eroded their trust in the healthcare system.

Corporate Accountability

While Kivimäki faced legal consequences, Vastaamo's CEO, Ville Tapio, also received a suspended prison sentence for failing to protect customer data adequately. The once esteemed company suffered irreparable damage, ultimately collapsing in the aftermath of the breach.

Moving Forward 

As legal proceedings conclude, civil court cases are expected as victims seek compensation for the breach. The incident has underscored the vulnerability of healthcare data and the pressing need for robust cybersecurity to safeguard information of such sensitivity. After all, maintaining confidentiality is the first step towards establishing a healthy environment for patients.

The Vastaamo case serves as a stark reminder of the devastating consequences of cybercrime for individuals and businesses. In an age of advancing technology, it is essential for authorities and organisations to remain vigilant in combating such threats to ensure the protection of privacy and security for all.


No MFA, No Defense: Change Healthcare Falls Victim to Citrix Account Hijacking

 


A UnitedHealth spokesperson confirmed that the BlackCat ransomware gang had breached Change Healthcare's network, using stolen credentials to get into the company's Citrix remote access service, which was not set up to support multi-factor authentication. This was revealed in a written statement issued by UnitedHealth's CEO Andrew Witty ahead of the hearing scheduled for tomorrow by a House Energy and Commerce subcommittee.

This incident illustrates how consequential a mistake the healthcare giant made by failing to turn on multi-factor authentication for a critical system, which was the source of the intrusion into Change Healthcare's systems that UnitedHealth Group previously confirmed on March 13. According to Tom Kellerman, SVP of Cyber Strategy at Contrast Security, UnitedHealth has shown pure negligence in this incident.

According to the report, cybersecurity negligence resulted in systemic breaches throughout the U.S. healthcare industry. In his opinion, MFA would likely have prevented the attack chain that led to the breach, which will have long-term consequences. According to Casey Ellis, founder and chief strategy officer at Bugcrowd, the effects of this massive breach will last for years. Ellis added that, at first glance, the software itself does not appear to have been the cause of the original access problem.

The remote access software lacked multi-factor authentication, leaving it open to unauthorized access, and the credentials could have been leaked or guessed, which led to the most disruptive cyberattack on critical infrastructure in U.S. history. After UnitedHealth Group discovered and disclosed the attack on Feb. 21, the medical claims and payment processing platform of Change Healthcare was paralyzed for more than one month.

In late February 2024, a ransomware attack severely disrupted Optum's Change Healthcare platform. The disruption affected a wide range of critical services used by healthcare providers all over the country, including payment processing, prescription writing, and insurance claims processing, and caused financial damages of approximately $872 million.

The BlackCat ransomware gang used an exit scam to steal what was allegedly a $22 million ransom payment from UnitedHealth. The affiliate claimed shortly thereafter to still have the data and partnered with RansomHub to begin an additional extortion demand by leaking stolen information. Despite recently acknowledging that it paid a ransom to protect people's data following a data breach, the healthcare organization has not released any details of the attack or who carried it out.

The company has confirmed that it paid a ransom to the hackers who claimed responsibility for a cyberattack and the subsequent theft of terabytes of data, which occurred last week. As part of their ransom demand, the hackers, known as RansomHub, threatened to post part of the stolen data to the dark web if they did not sell the information. This is the second gang to claim the theft and threaten to make money from it.

UnitedHealth, a company that makes close to $100 billion in revenue every year, said earlier this month that it had suffered an $800 million loss due to the ransomware attack, which took place in the first quarter of 2017.

Cyberattack Fallout: UnitedHealth Reveals Personal Data Breach Impact

 


As part of its ongoing data breach response, UnitedHealth Group has informed its subsidiary, Change Healthcare, that it has recently experienced a data breach. Following the February cyberattack on Change Healthcare, UnitedHealth Group revealed on Monday that it had paid a ransom to cyber threat actors to protect patient data.

Additionally, the company confirmed that files containing personal information had been compromised. In the aftermath of the attack, vital Change Healthcare services such as payment processing, prescription writing, and insurance claims were adversely affected, disrupting healthcare providers and pharmacies across the United States.

The cyberattack reportedly caused $872 million worth of financial damage. On Monday, UnitedHealth Group announced that it had published an update on the status of its monitoring of the internet and dark web to determine whether data had been leaked. The update was published along with leading external industry experts.

Change Healthcare provides many tools for managing the payment and revenue cycle. The company facilitates more than 15 billion transactions each year, and one in three patient records passes through its systems each year.

UnitedHealth has revealed that 22 screenshots, allegedly taken from the compromised files, had been uploaded to the dark web, which means even patients who are not UnitedHealth customers may have been affected by the attack. There has been no publication of any additional data, and the company has not seen any evidence that doctors' charts or full medical histories were accessed in the breach.

Following the earlier ransomware attack on its subsidiary, Change Healthcare, UnitedHealth Group has revealed that it suffered a significant breach that exposed private healthcare data from "substantially a quarter" of Americans. The Change Healthcare Group manages insurance and billing for hospitals, pharmacies, and medical practices in the U.S. healthcare industry, and it holds extensive health data on approximately half of all Americans.

Given the complexity and ongoing nature of the data review, it is likely to take several months to identify and notify the individuals and customers who have been affected. Rather than waiting for the data analysis to be completed, the company is immediately providing support and robust protections as part of its ongoing collaboration with leading industry experts to analyze the data involved in this cyberattack.

In May, The Record reported that UnitedHealth Group's CEO Andrew Witty is expected to testify before a House panel regarding the ransomware attack. Two representatives of the House Subcommittee on Health testified at the hearing last week about the cyberattack. UnitedHealth Group failed to make anyone available during the hearing.

UnitedHealth Group reported in March that it had spent $22 million on recovering data and systems encrypted by the BlackCat ransomware gang after paying the ransom. Following their attack on UnitedHealth in 2008, a member of the gang known as "Notchy" accused BlackCat of cheating them out of their ransom payment because they had UnitedHealth data. After all, they had conducted the attack and BlackCat had fallen into their trap.

Researchers confirmed that the transaction was visible on the Bitcoin blockchain and that it had reached a wallet used by BlackCat hackers at the time the transaction was reported. About a week after the ransomware attack on Optum, the U.S. government launched an investigation into whether any health data had been stolen.

On February 21, 2018, a cyberattack hit Change Healthcare, a subsidiary of UnitedHealth Group that is owned by Optum. Due to the resulting downtime, hospitals and physician groups across the country were unable to receive their claims payments from the company. Change has been working to restore connectivity to the provider network; however, despite the improvement in connectivity, delays in the submission and receipt of payments continue to affect provider revenue.

UnitedHealth reported "strong progress" in restoring its Change services during its status update on Monday. Since the cyberattack on Change Healthcare, UnitedHealth Group has been vigilantly monitoring the internet and dark web to ensure that sensitive data has not been exposed further.

The company has enlisted more external cybersecurity experts to enhance its monitoring capabilities. It has also developed a group of advanced monitoring tools that continuously search for evidence of data misuse on the internet and dark web, allowing it to identify such evidence and act on it quickly.

UnitedHealth Group has developed expert cybersecurity partnerships intended to mitigate data breaches through collaboration with cybersecurity professionals. Furthermore, UnitedHealth Group is in constant communication and cooperation with law enforcement and regulatory agencies, as well as other regulatory bodies.

Combatting Counterfeit Drugs Online: BrandShield's Success in Dismantling Illicit Websites

 

In the rapidly evolving landscape of online pharmaceuticals, the proliferation of counterfeit drugs poses a significant threat to consumer safety. Cybersecurity firm BrandShield has emerged as a stalwart defender in this battle, successfully dismantling over 250 websites selling counterfeit weight-loss and diabetes medications. Led by CEO Yoav Keren, BrandShield's efforts represent a concerted endeavor to combat the scourge of counterfeit pharmaceuticals and protect consumers from the dangers of fraudulent medications. 

The counterfeit drugs targeted by BrandShield predominantly belong to the GLP-1 class, including popular medications like Novo Nordisk's Ozempic and Wegovy, as well as Eli Lilly's Mounjaro and Zepbound. Originally developed to manage type 2 diabetes, these medications have garnered attention for their additional benefits in weight loss, with patients experiencing significant reductions in body weight. Unfortunately, the efficacy and popularity of these drugs have also made them lucrative targets for counterfeiters seeking to exploit the growing demand. 

According to Reuters, the majority of the illicit websites shut down by BrandShield were purveyors of counterfeit GLP-1 drugs, indicating the scale of the problem. Alarmingly, studies suggest that an estimated 95% of all online pharmacies operate unlawfully, highlighting the pervasive nature of the issue. 

Moreover, reported cases of harm linked to fake GLP-1 drugs have emerged in at least nine countries, underscoring the urgent need for action. BrandShield's recent crackdown on counterfeit drug websites represents a significant victory in the ongoing battle against online pharmaceutical fraud. The company's efforts have resulted in the closure of 90% of the identified pharmacy websites selling counterfeit GLP-1 medications. This operation accounts for just over 15% of the total counterfeit drug websites reported by BrandShield last year, emphasizing the scale of the challenge. 

Collaborating closely with the Pharmaceutical Security Institute (PSI), BrandShield employs rigorous evidence collection and intelligence gathering to identify and target illicit websites. By providing actionable intelligence to service providers hosting these websites, BrandShield facilitates their removal from the internet, effectively disrupting the operations of counterfeiters. Furthermore, the company coordinates with law enforcement agencies to investigate and prosecute criminal networks involved in the production and distribution of counterfeit drugs. 

In addition to targeting counterfeit drug websites, BrandShield's efforts extend to social media platforms, where it has removed nearly 4,000 fake drug listings. Notably, a significant portion of these listings—almost 60%—was found on Facebook, highlighting the need for vigilance across all online platforms. BrandShield's global reach ensures that illegal drug listings are eradicated from marketplaces in countries around the world, including India, Indonesia, China, and Brazil. 

Contrary to concerns raised earlier, the EMA found no evidence linking these medications to an increased risk of suicidal thoughts or self-injury. This reaffirmation of safety aligns with previous findings by the US Food and Drug Administration (FDA), providing reassurance to patients and healthcare providers alike. 

Overall, BrandShield's relentless efforts to combat counterfeit drugs online serve as a beacon of hope in the fight against pharmaceutical fraud. By dismantling illicit websites, removing fake drug listings, and collaborating with industry partners and law enforcement agencies, BrandShield is making significant strides towards safeguarding consumers and upholding the integrity of the pharmaceutical industry.