For the first time since being breached, United Healthcare has admitted to the number of individuals affected by the Change Healthcare ransomware attack — a staggering 100 million people.
The incident occurred in February, yet Change Healthcare didn’t send out a notification warning to those impacted until June. In May, Andrew Witty, CEO of UnitedHealth, hinted at the massive scale of the breach, estimating that it was possible a third of all American health data had been compromised in the ransomware attack.
The breach has caused wave after wave of issues and prompted numerous calls for action regarding the state of cybersecurity in the healthcare sector. The ransomware attack was perpetrated at the hands of BlackCat/ALPHV, which Change Healthcare ultimately decided to pay off in order to get its systems back up and running.
But the breaches didn’t stop there. The company faced yet another attack, this time at the hands of RansomHub, which demanded a payment for the 4TB of data it stole, most of it medical records and financial data belonging to US military personnel. RansomHub has threatened to sell the sensitive information to the highest bidder.
After testifying in Congress in May, Change Healthcare revealed it had paid $22 million in ransom to the attackers who compromised its systems in February. It also revealed that the attackers were able to use previously compromised credentials to get into Change Healthcare’s system, which was not protected with multifactor authentication (MFA). Overall, the revelations in the hearing pointed to a lack of security maturity, leading to easy access for the attackers and a breach that caused delays in healthcare services.
“UnitedHealth is a very large, very complex entity from a systems point of view, and the regulatory framework is equally large and complex — considering all the variables and processes involved — the time frame for confirmation seems within reason,” Dan Ortega, security strategist at Anomali, wrote in an emailed statement. “However, this doesn’t mean that it’s acceptable from an operational efficiency or public safety standpoint.”
For the 100 million Americans affected by this breach who have received notice of their compromised data, their information that was stolen includes health insurance data; health information such as medical records, prescriptions, test results, images, diagnoses, and more; billing, claims, and financial and banking information; and Social Security numbers, driver’s license information, and passport numbers.
Source link
#100M #Compromised #Change #Healthcare #Breach
Unlock the potential of cutting-edge AI solutions with our comprehensive offerings. As a leading provider in the AI landscape, we harness the power of artificial intelligence to revolutionize industries. From machine learning and data analytics to natural language processing and computer vision, our AI solutions are designed to enhance efficiency and drive innovation. Explore the limitless possibilities of AI-driven insights and automation that propel your business forward. With a commitment to staying at the forefront of the rapidly evolving AI market, we deliver tailored solutions that meet your specific needs. Join us on the forefront of technological advancement, and let AI redefine the way you operate and succeed in a competitive landscape. Embrace the future with AI excellence, where possibilities are limitless, and competition is surpassed.