The ransomware attack earlier this year on UnitedHealth-owned health technology company Change Healthcare was likely one of the largest data breaches of U.S. health and medical data in history.
Months after the data breach in February, “a large percentage of people living in America” received notification in the mail that their personal and health information had been stolen by cybercriminals during the Change Healthcare cyberattack. It is now known that at least 100 million people have been affected by this breach.
Change Healthcare processes billing and insurance for hundreds of thousands of hospitals, pharmacies and medical practices across the US healthcare industry. As such, it collects and stores vast amounts of highly sensitive medical data about patients in the United States. Through a series of mergers and acquisitions, Change has become one of the largest health data processors in the United States, handling between a third and a half of all health transactions in the United States.
Here’s what’s happened since the ransomware attack began.
February 21, 2024
The first report of outages as a security incident emerges
It seemed like a normal Wednesday afternoon, until it wasn’t. The outage was sudden. On February 21, billing systems at doctors’ offices and health care practices stopped working, and insurance claims stopped being processed. The status page on Change Healthcare’s website was filled with outage notices affecting every part of its business, and later that day the company confirmed it was “experiencing a network outage related to a cybersecurity issue.” Clearly something had gone very wrong.
It turns out that Change Healthcare invoked its security protocols and shut down its entire network to isolate the hackers it found in its systems. That meant sudden and widespread outages across a health care sector that relies on a few companies — like Change Healthcare — to handle health care insurance and billing claims for large swaths of the United States. It later emerged that hackers had initially breached the company’s systems more than a week earlier, on or around February 12.
February 29, 2024
UnitedHealth confirms it has been attacked by a ransomware gang
After UnitedHealth initially (and incorrectly) attributed the hack to hackers working for a government or nation-state, it later said on February 29 that the cyberattack was in fact the work of a ransomware gang. UnitedHealth said the gang “introduced itself to us as ALPHV/BlackCat,” a company spokesperson told TechCrunch at the time. A dark web leak site linked to the ALPHV/BlackCat gang also claimed responsibility for the attack, claiming to have stolen sensitive health and patient information of millions of Americans, giving the first indication of how many individuals were affected by this incident.
ALPHV (also known as BlackCat) is a well-known Russian-speaking ransomware-as-a-service gang. Its affiliates – contractors working for the gang – break into victims’ networks and spread malware developed by ALPHV/BlackCat leaders, who take a portion of the ransoms that victims pay to recover their files.
Knowing that the breach was caused by a ransomware gang changed the attack equation from the type of hacking done by governments — sometimes to send a message to another government rather than releasing the private information of millions of people — to a breach caused by financially motivated cybercriminals, who will likely use completely different playbooks to get their payday.
March 3-5, 2024
UnitedHealth pays a $22 million ransom to the hackers, who then disappear
In early March, the ALPHV ransomware gang disappeared. The gang’s leak site on the dark web, which had taken responsibility for the cyberattack weeks earlier, was replaced with a seizure notice claiming that UK and US law enforcement had taken down the gang’s website. But the FBI and UK authorities denied taking down the ransomware gang, as they had tried to do months earlier. All signs pointed to ALPHV escaping with the ransom and pulling an “exit scam.”
In a post, the ALPHV affiliate that carried out the hack on Change Healthcare claimed that ALPHV leadership stole $22 million paid in ransom and included a link to a single bitcoin transaction on March 3 as proof of their claim. But despite losing its share of the ransom payment, the affiliate said the stolen data “is still with us.” UnitedHealth paid a ransom to the hackers, who left the data behind and disappeared.
March 13, 2024
Widespread disruption across US healthcare amid fears of a data breach
Meanwhile, weeks after the cyberattack, service outages were still ongoing, with many unable to get their prescriptions or having to pay cash out of pocket. Military health insurer TriCare said “all military pharmacies worldwide” were also affected.
The American Medical Association was saying that there was little information from UnitedHealth and Change Healthcare about the ongoing outages, which were causing massive disruption that continued to spread across the healthcare sector.
By March 13, Change Healthcare had received a “secure” copy of the stolen data for which it had just days earlier paid $22 million. This allowed Change to begin the process of searching the dataset to determine what information was stolen in the cyberattack, with the goal of notifying as many affected individuals as possible.
March 28, 2024
The US government raises the reward to $10 million for information leading to the arrest of ALPHV
By late March, the US government said it would increase its rewards for information on ALPHV/BlackCat’s key leadership and its affiliates.
By offering $10 million to anyone who can identify or locate the individuals behind the gang, the US government appears to hope that an insider will turn on their former leaders. It can also be seen as the United States recognizing the threat that a large amount of Americans’ health information may be published online.
April 15, 2024
The contractor forms a new ransomware gang and releases some stolen health data
Then there were two ransoms. By mid-April, the wronged affiliate had set up a new extortion racket called RansomHub, and since it still possessed the data it had stolen from Change Healthcare, it demanded a second ransom from UnitedHealth. In doing so, RansomHub published part of the stolen files containing what appeared to be private and sensitive patient records as evidence of its threat.
Ransomware gangs don’t just encrypt files; they also steal as much data as possible and threaten to release the files if the ransom is not paid. This is known as “double extortion.” In some cases, when the victim pays, the ransomware gang can blackmail the victim again — or, in other cases, blackmail the victim’s clients, which is known as “triple extortion.”
Now that UnitedHealth is willing to pay a single ransom, there is a risk that the healthcare giant will be blackmailed again. That’s why law enforcement has long advocated against paying ransoms, which allow criminals to profit from cyberattacks.
April 22, 2024
UnitedHealth says ransomware hackers stole health data on a “large percentage of people in America”
For the first time, UnitedHealth confirmed on April 22 — more than two months after the ransomware attack began — that there had been a data breach and that it likely affected “a significant percentage of people in America,” without specifying how many millions of people that entails. UnitedHealth also confirmed that it paid a ransom for the data, but did not say how many ransoms it ultimately paid.
The company said that the stolen data includes highly sensitive information, including medical records, health information, diagnoses, medications, test and imaging results, care and treatment plans, and other personal information.
Since Change Healthcare handles the data of about a third of all people living in the United States, the data breach would likely affect more than 100 million people at least. When TechCrunch reached out to a UnitedHealth spokesperson, he did not dispute the number potentially affected, but said a review of the company’s data is ongoing.
May 1, 2024
The CEO of UnitedHealth Group testifies that Change was not using basic cybersecurity
Perhaps it’s no surprise that when your company suffers one of the largest data breaches in modern history, its CEO is bound to be called to testify before lawmakers.
That’s what happened with UnitedHealth Group (UHG) CEO Andrew Witty, who admitted on Capitol Hill that hackers broke into Change Healthcare’s systems using a single password set on a user account not protected by multi-factor authentication, a key security feature that can prevent password reuse attacks by requiring a second code sent to the account holder’s phone.
The main message was that one of the largest data breaches in US history was completely preventable. Witty said the data breach likely affected about a third of people living in America — consistent with the company’s previous estimates that the breach affected a similar number of people for whom Change Healthcare processes health care claims.

June 20, 2024
UHG begins notifying hospitals and medical providers affected by stolen data
It took Change Healthcare until June 20 to begin formally notifying affected individuals that their information had been stolen, as is legally required under the law known as HIPAA. The notification was likely delayed in part by the sheer size of the stolen data set.
The company posted a notice disclosing the data breach and said it would begin notifying individuals it identified in the “secure” version of the stolen data. But Change said it “cannot confirm exactly” what data was stolen about each individual and that the information may vary from person to person. Change said it was posting the notice on its website because it “may not have sufficient addresses for all affected individuals.”
The incident was so large and complex that the U.S. Department of Health and Human Services intervened and said that affected health care providers, whose patients are ultimately affected by the breach, can ask UnitedHealth to notify affected patients on their behalf, an effort seen as easing the burden on smaller providers whose finances have been hurt amid the ongoing outages.
July 29, 2024
Change Healthcare will begin notifying known affected individuals via letter
The health tech giant confirmed in late June that it would begin notifying those whose healthcare data was stolen in a ransomware attack on a rolling basis. This process began in late July.
Messages to affected individuals will likely come from Change Healthcare, if not from the specific healthcare provider affected by the Change breach. The message confirms the types of data stolen, including medical data, health insurance information, claims and payment information, which Change said included financial and banking information.
October 24, 2024
UnitedHealth confirms that at least 100 million people were affected by the data breach
It took the health insurance giant more than eight months to make the announcement, but it has now confirmed that the data breach affects more than 100 million individuals. The number of those affected is expected to rise, given that some of them received notifications of a data breach last October. The US Department of Health and Human Services reported the updated number on its data breach portal on October 24.
The Change Healthcare data breach is now the largest digital theft of American medical records, and one of the largest data breaches in living history.