Scroll Top

Update to the Data Breach at Change Healthcare

Update to the Data Breach at Change Healthcare
UnitedHealthGroup
0
By Mike Sulmonetti Security Blog July 15, 2024
Here’s what we know now about the Change Healthcare Data Breach:

  1. AlphaV or BlackCat  successfully infiltrated Change Healthcare via Stolen Credentials that did not have Multi Factor Authentication associated with the account.On March 1st Change Healthcare made a payment to the hackers for $22 Million Dollars or 351 Bitcoin. “A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure.” The data covers “a substantial proportion of people in America.”
  2. Change Healthcare says names, addresses, health insurance information and personal information like Social Security numbers may have been exposed in the attack. The company is still investigating.
  3. The fear now is that the payment encourages other actors to target healthcare.
  4. In the Hacking Community arguing is going on about payment to all involved. Due to this a second ransomware group is claiming to possess the stolen data.
  5. Screenshots of data are on the Dark Web.
  6. Change Healthcare says it has lost $872 Million due to the incident so far.
  7. Parent Company UnitedHealthcare Group Inc. made $371 Billion in revenue in 2023. 1st quarter 2024 revenues were $100 Billion.  https://www.unitedhealthgroup.com/investors/financial-reports.html
  8. Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.
  9. It is unclear if stolen customer medical data was returned.
  10. The company has been offering to pay for two years of credit monitoring and identity theft protection for people worried that their information may have been exposed in the attack.

How to Mitigate Cybersecurity Risk:

  • Implement a Cybersecurity Framework/Program
  • Implement Multifactor Authentication (MFA) on all user accounts.
  • Regularly Backup Data and Test Restore Functionality.
  • Follow Digital Identity Guidance in NIST SP800-63B.
  • Follow a Zero Trust Security Model.
  • Implement End User Cybersecurity Awareness Training and Test Periodically.
  • Implement a Third-Party Vendor Management Program to verify their Cybersecurity.
  • Don’t Give Third-Party Vendors 24x7x365 Access to your Networks.
  • Perform Quarterly Vulnerability Assessments and Yearly Penetration Tests and Perform Patching.
  • Filter Inbound and Outbound Ports both UDP and TCP.
  • Block Malicious Websites and Nation States Known for Hacking.

For Cybersecurity Services contact Topgallant Partners at 844-973-6837 x709

Visit Our Website at: https://www.topgallant-partners.com

#securitybreach, #penetrationtest, #vulnerabilityassessment, #HIPAA, #GRC

0
Mike Sulmonetti / About Author
Senior Cyber Security Consultant
More posts by Mike Sulmonetti
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required