UnitedHealth Verifies the Biggest Healthcare Breach in the United States

Key Takeaways
  • More than 100 million Americans were impacted by the attack on Change Healthcare, a division of UnitedHealth Group.
  • The BlackCat ransomware group used unsecured login procedures to obtain access.
  • Calls for stronger cybersecurity regulations in the healthcare industry have increased as a result of this hack.

of 100 million people have been informed of the breach, according to Change Healthcare’s notice to the Department of Health and Human Services (HHS).

This cyberattack is the biggest healthcare data security breach in America.

The most recent breach puts a third of Americans’ health data at risk

The CEO of UnitedHealth Group, Andrew Witty, emphasized the gravity of the problem by saying that “perhaps a third” of Americans’ health information may have been compromised.

UnitedHealth disclosed that the exposed data included individuals' health information as well as private health details that contained personally identifiable information (PII).

“In order to notify consumers and individuals about the illegal intrusion on CHC systems and to give resources for those who think their personal information may be at risk, this substitute notice is being posted by CHC,” the group noted.

The breach happened in February, following a ransomware attack that gave hackers access to six terabytes of data. Healthcare institutions experienced extensive disruption as a result, which affected claims processing and resulted in millions of delays.

The Attack by BlackCat and Security Vulnerabilities

The BlackCat ransomware group, also referred to as ALPHV, started the ransomware campaign using stolen credentials. These credentials gave the group access through Change Healthcare’s Citrix remote service, which lacked multi-factor authentication (MFA).

The group exfiltrated the data before encrypting the network, and Change Healthcare had to shut down vital IT systems in order to limit the attack. Significant interruptions occurred at pharmacies and clinics during this time, and some patients were forced to pay full price for prescription drugs that are often covered by insurance.

According to reports, when the attackers sought a ransom, UnitedHealth paid $22 million for a decryptor and guarantees that the stolen data would be erased.

However, Change Healthcare’s data resurfaced on RansomHub, a data leak website, following BlackCat’s shutdown. Further extortion attempts followed, with the attackers requesting more money to stop the publication.

The RansomHub data listing was taken down after talks, which would mean that a second ransom was paid. HHS and the Office for Civil Rights, which is in charge of HIPAA compliance, are among the federal agencies that are giving this incident more attention.

The absence of multi-factor authentication, a crucial security lapse, is the main focus of both agencies’ investigations into UnitedHealth and Change Healthcare’s reaction.

According to UnitedHealth’s Q3 report, the financial damages from this breach have already totaled $872 million and might total up to $2.45 billion by the end of the year.
