The lack of adequate protection has cost the US healthcare system $6 billion.
In February 2024, Change Healthcare, a company owned by UnitedHealth, was hit by a large-scale cyberattack that resulted in one of the largest medical data leaks in the history of the United States. Cybercriminals stole the personal and medical information of millions of Americans, with serious consequences for the entire country's healthcare system.
On February 21, the first failures occurred in the Change Healthcare system. Many medical institutions and insurance companies faced a shutdown of the platform for processing bills and insurance payments. The company confirmed that the cause of the failures was a cybersecurity incident. It turned out that, to keep the hackers from penetrating further, Change Healthcare had been forced to disconnect its network completely, which caused interruptions in the work of many medical institutions across the country.
On February 29, UnitedHealth reported that the cyberattack was carried out by the ALPHV/BlackCat ransomware group, which officially claimed responsibility for the attack and claimed to have stolen sensitive data on millions of Americans. Recall that the group has already ceased its activities following an FBI operation.
In early March, UnitedHealth was forced to pay ALPHV a $22 million ransom. However, a few days later, the group's website disappeared from the darknet, and the criminals themselves could not be found. They probably fled with the money they received, leaving the stolen data behind. Despite the loss of part of the ransom, the criminals said that the stolen data was still in their possession, creating a threat of further use or sale of the data.
By March 13, Change Healthcare had received a "secure" copy of the stolen data, for which it had paid a ransom a few days earlier. This allowed Change to begin the process of examining the dataset to determine whose information was stolen in the cyberattack, with the goal of notifying as many affected individuals as possible.
By mid-March, disruptions to the U.S. healthcare system continued. Many patients were unable to get their prescriptions, and some were forced to pay for their medications out of their own pockets. It turned out that hackers gained access to an extensive database containing medical records, diagnoses, test results, treatment plans and other personal information of patients.
At the end of March, the US government increased the reward for information about ALPHV leaders to $10 million, trying to attract informants from among the former members of the group.
In April, an aggrieved ALPHV partner, who did not receive his share of the ransom, began to cooperate with another ransomware group, RansomHub. Using the data stolen from Change Healthcare, the ransomware group demanded a second ransom from UnitedHealth and published some of the stolen data as proof of the seriousness of its intentions.
The incident demonstrated the danger of double and triple extortion. In "double extortion", criminals do not just encrypt files but also steal data and threaten to publish it if the ransom is not paid. In some cases, after the victim pays the ransom, the ransomware group can demand the money again, or start extorting money from the victim's customers, which is called "triple extortion".
In mid-April, UnitedHealth reported that the total cost of dealing with the consequences of the cyberattack for the first quarter of 2024 was $872 million. In addition to this amount, UnitedHealth provided upfront financing and interest-free loans of more than $6 billion, allocated to support medical institutions affected by the incident.
On April 22, UnitedHealth confirmed that a significant portion of the U.S. population was affected by the data breach. Although the company did not disclose the exact number of victims, it is estimated that it could be more than 100 million people. The situation was aggravated by the admission of the head of UnitedHealth Group, who said at a congressional hearing in May that the hackers obtained access to the system through a simple account that was not protected by two-factor authentication.
Notification of victims of the data theft began only in June. The delay in notification was probably caused in part by the large volume of stolen information. In July, Change Healthcare started sending out emails stating exactly what information was stolen: medical data, insurance information, as well as financial and banking information.