Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Healthcare Breach. Show all posts
Ransom
Cyber Attacks Data Leak Healthcare Breach Patient Data Ransom

UnitedHealth Paid Ransom After Massive Change Healthcare Cyber Assault

 

The Russian cybercriminals who targeted a UnitedHealth Group-owned company in February did not leave empty-handed.

"A ransom was paid as part of the company's commitment to do everything possible to protect patient data from disclosure," a spokesperson for UnitedHealth Group stated earlier this week. 

The spokesperson did not reveal how much the healthcare giant paid following the cyberattack, which halted operations at hospitals and pharmacies for more than a week. Multiple media outlets claimed that UnitedHealth paid $22 million in bitcoin. 

"We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it," UnitedHealth CEO Andrew Witty said in a statement Monday. 

UnitedHealth attributed the intrusion on the Russian ransomware gang ALPHV, also known as BlackCat. The group claimed responsibility for the attack, stating that it took more than six terabytes of data, including "sensitive" medical records, from Change Healthcare, which handles health insurance claims for patients who visit hospitals, medical centres, or pharmacies. 

The attack's scale—Change Healthcare performs 15 billion transactions every year, according to the American Hospital Association—meant that even people who were not UnitedHealth clients could have been affected. The attack has already cost UnitedHealth Group almost $900 million, company officials said in reporting first-quarter earnings last week. 

Ransomware attacks, which include disabling a target's computer systems, are becoming more widespread in the healthcare industry. In 2022, a study published in JAMA Health Forum found that the yearly frequency of ransomware attacks against hospitals and other providers increased.

It was "straight out an attack on the U.S. health system and designed to create maximum damage," Witty informed analysts last week during an earnings call about the Change Healthcare incident. According to UnitedHealth's earnings report, the cyberattack is ultimately estimated to cost the organisation between $1.3 billion and $1.6 billion this year.
Read more »
Ransomware attack
Cyber Attacks data security Healthcare Breach Hospitals Ransomware attack

UnitedHealth Group Cyberattack Fallout: Government Intervention and Industry Critique

 

In a recent cybersecurity incident, UnitedHealth Group revealed that its tech unit, Change Healthcare, fell victim to a cyberattack orchestrated by the infamous ransomware gang, Blackcat. The attack, which disrupted healthcare organizations nationwide, targeted electronic pharmacy refills and insurance transactions, prompting urgent responses from both the affected healthcare provider and the U.S. government. 

The attack prompted the U.S. government to announce accelerated Medicaid and Medicare payments to healthcare units impacted by the cyberattack against Change Healthcare. However, this response drew criticism from industry associations such as the American Hospital Association and the American Medical Association. 

The latter expressed concerns that the measures did not adequately protect individual practices and called for more comprehensive financial assistance, including advanced payments for physicians. Facing cash flow concerns resulting from the inability to receive payments for insurance claims, the American Medical Association urged the Department of Health and Human Services to reintroduce widespread accelerated payments, a practice prevalent during the Covid years. 

Hospitals were encouraged to submit payment requests to their healthcare contractors, seeking relief from the financial strain caused by the cyberattack fallout. Change Healthcare responded to the crisis by introducing a new service to help healthcare providers navigate the outage. This online prescription service aims to provide temporary assistance while the company works to restore its pharmacy network, a process expected to take weeks. 

Despite these efforts, the American Hospital Association criticized Change Healthcare's response, with its president and chief executive describing the temporary assistance program as "not even a band-aid" for the problems caused by the cyberattack. The incident highlights the increasing cybersecurity threats faced by the healthcare industry and the ripple effects of such attacks on critical services. 

As healthcare providers grapple with the immediate fallout, the collaboration between the government, industry stakeholders, and affected organizations becomes crucial in addressing both the short-term challenges and implementing long-term cybersecurity resilience measures. 

In conclusion, the UnitedHealth Group cyberattack serves as a stark reminder of the vulnerability of healthcare systems to malicious cyber activities. The ongoing efforts to mitigate the impact, coupled with the industry's critique of the government's response and Change Healthcare's actions, underscore the need for a unified and proactive approach to cybersecurity in the healthcare sector.
Read more »
United States
Cyber Attacks Data Privacy Healthcare Breach Ransomware Gang United States

BlackCat Ransomware Linked to UnitedHealth Subsidiary Optum Hack

 

A cyberattack against Optum, a UnitedHealth Group company, was linked to the BlackCat ransomware gang and resulted in an ongoing outage that impacted the Change Healthcare payment exchange platform. 

Customers were notified by Change Healthcare earlier this week that due to a cybersecurity incident, some of its services are unavailable. The cyberattack was orchestrated by alleged "nation-state" hackers who gained access to Change Healthcare's IT systems, according to a statement made by UnitedHealth Group in an SEC 8-K filing a day later. 

Since then, Optum has been posting daily incident updates on a dedicated status page, alerting users to the fact that most services are temporarily unavailable due to Change Healthcare's systems being offline to contain the breach and prevent future damage. 

"We have a high level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue," Optum stated. "We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online.” 

Links to BlackCat 

Change Healthcare has been holding Zoom calls with partners in the healthcare sector to share information regarding the cyberattack since it affected its systems

One of the individuals involved in these calls informed a local media source that forensic experts participating in the incident response had linked the attack to the BlackCat (ALPHV) ransomware gang (Reuters first reported the Blackcat link on Monday).

Last week, another source informed BleepingComputer that one indicator of attack is a critical ScreenConnect auth bypass vulnerability (CVE-2024-1709), which is being actively used in ransomware attacks against unpatched servers. 

Tyler Mason, vice president of UnitedHealth Group, stated that 90% of the impacted pharmacies had put new electronic claim procedures in place to deal with Change Healthcare issues, but he did not confirm if BlackCat was the root of the attack. 

"We estimate more than 90% of the nation’s 70,000+ pharmacies have modified electronic claim processing to mitigate impacts from the Change Healthcare cyber security issue; the remainder have offline processing workarounds," Mason stated. "Both Optum Rx and UnitedHealthcare are seeing minimal reports, including less than 100 out of more than 65 million PBM members not being able to get their prescriptions. Those patients have been immediately escalated and we have no reports of continuity of care issues.” 

8,000 hospitals and other care facilities, as well as more than 1.6 million doctors and other healthcare professionals, are under contract with United Health Group (UHG), a health insurance provider with operations in all 50 states of the United States. With 440,000 employees globally, UHG is the largest healthcare corporation in the world by sales ($324.2 billion in 2022).
Read more »
Security Breach
CNIL cyber attack Cybercricme Cybersecurity CyberThreat Data Disaster Healthcare Breach Security Breach

Data Disaster: 33 Million French Citizens at Risk in Massive Leak

 


A massive security breach at two third-party healthcare payment servicers has exposed the information of nearly half of all French citizens by way of a major breach of personal information, the French data privacy watchdog revealed last week. As the National Commission on Informatics and Liberty (CNIL) warned in late January, the two leading payment processing outfits, Viamedis and Almerys, both suffered breaches of their systems, resulting in the theft of data belonging to more than 33 million customers from their systems. 

The information that has been compromised includes information such as the date of birth, marital status, social security number, and information about insurance coverage of customers and their families. According to the CNIL, the company did not compromise any banking information, medical records, or contact information. 

As a result of the sophisticated phishing attack that compromised the Almeras and Viamedis third-party payment portals late last month, both payment portals were affected as well. There was no further information provided on the causes of Almery's loss, but there is a high probability that it was a similar incident. 

As Viamedis reported, the attacks occurred within a matter of five days around the beginning of February. Hackers obtained login credentials for health professionals via phishing attacks and gained unauthorized access to the system as a result. 

Even though the exposed information does not include personal financial data, it is still sufficient to increase the likelihood of individuals being targeted by phishing scams, social engineering, identity theft, and insurance fraud as they are exposed to the information. 

According to CNIL, they will ensure Viamedis and Almerys inform impacted individuals personally and directly, to prevent them from falling victim to phishing scams in the aftermath of the attack in compliance with the General Data Protection Regulation (GDPR). In the meantime, Almerys clarified that the central system was not compromised, but the health professional portal had been infiltrated by hackers. 

As confirmed by CNIL, the compromised data includes sensitive information about the affected individuals, including their marriage status, date of birth, social security numbers, insurance details, and insurance coverage, among others. 

As the attackers accessed the two companies' systems in a targeted raid, they were using credentials stolen from healthcare professionals. Following the General Data Protection Regulation of the European Union, the CNIL is working with Viamedis and Almerys to reach out to all affected individuals. Due to the sheer number of customers involved, the process of completing the project will take some time since there are so many of them. 

The third-party payment system which allows patients to not pay for their medical services in advance will not be available for providers for some time as a result of this attack, but users will still be able to access the system. 

Since the massive amount of compromised data has now been in the wrong hands, the French data authority has issued an alert to beware of phishing attacks, and while a detailed investigation is ongoing to determine exactly how the massive breach happened and if Viamedis or Almerys is to blame, a new warning has been issued regarding phishing attacks.
Read more »
Subscribe to: Posts (Atom)