Health tech giant Change Healthcare has brought much of the U.S. healthcare system to a standstill for the second week in a row.
Hospitals cannot check inpatient insurance benefits, process prior authorizations required for patient procedures and surgeries, or process billing for medical services. Pharmacies have difficulty determining how much to charge patients for prescriptions without access to patients’ health insurance records, forcing some to pay out-of-pocket cash for expensive drugs while others cannot afford the cost.
Since Change Healthcare abruptly shut down its network on Feb. 21 to contain digital intruders, some smaller healthcare providers and pharmacies have warned that they are struggling to pay bills and staff without cash flow from the insurance giant, and that their reserves are on the verge of collapse.
UnitedHealth Group, the parent company of Change Healthcare, said in a filing with government regulators on Friday that the health technology company is making “substantial progress” in restoring affected systems.
As the near-term impact of the ongoing outage on patients and healthcare providers becomes clearer, questions remain about the security of the highly sensitive medical information of millions of people handled by Change Healthcare.
A prolific ransomware gang from Russia has claimed, but has not released evidence of, a cyberattack on Change Healthcare that stole a large trove of private medical data on millions of patients from the health tech giant’s systems. In a new twist, the ransomware gang now appears to have faked its own demise and disappeared off the map after receiving millions of dollars’ worth of cryptocurrency in ransom.
If patient data is stolen, the consequences for affected patients can be irreversible and last a lifetime.
Change Healthcare is one of the world’s largest providers of health and medical data and patient records, processing billions of healthcare transactions each year. Since 2022, the health tech giant has been owned by UnitedHealth Group, the largest health insurance company in the United States. Hundreds of thousands of doctors and dentists and tens of thousands of pharmacies and hospitals across the United States rely on it to bill patients as their health insurance benefits allow.
This scale brings special risks. U.S. antitrust officials unsuccessfully sued to block UnitedHealth from acquiring Change Healthcare and merging it with its health care subsidiary Optum, arguing that UnitedHealth would gain an unfair competitive advantage by having access to “about half of all Americans’ health insurance claims each year.”
For its part, Change Healthcare has so far repeatedly avoided disclosing whether patient data was compromised in cyberattacks. But that hasn’t assuaged concerns among healthcare executives who fear the data-related consequences of cyberattacks are yet to come.
In a letter to the U.S. government on March 1, the American Medical Association warned of “significant data privacy concerns” and said it feared the incident would “lead to widespread disclosure of patient and physician information.” AMA President Jesse Ehrenfeld was quoted as saying that Change Healthcare “did not clearly state what data was leaked or stolen.”
The director of cybersecurity at a large U.S. hospital system told TechCrunch that while they are in regular contact with Change and UnitedHealth, so far they have heard nothing about the security or integrity of patient records. Cybersecurity chiefs have expressed alarm at the prospect that hackers could publish stolen sensitive patient data online.
The person said the gradual escalation of Change’s communications, from hinting that data may have been compromised to acknowledging active investigations with several incident response firms, suggests that sooner or later we will learn how much data was stolen, and from whom. Clients will bear some responsibility for the hack, the person said, asking not to be named because they were not authorized to speak to the media.
Ransomware gang carries out ‘exit scam’
Now, the hackers appear to have disappeared, adding to the unpredictability of the situation.
UnitedHealth initially blamed the cyberattack on unspecified government-backed hackers, but later walked back that claim and blamed the Russia-based ransomware and extortion cybercrime group ALPHV, also known as BlackCat. The group has no known ties to any government.
Ransomware and extortion gangs are financially motivated and often employ a double extortion strategy: first scrambling the victim’s data with file-encrypting malware, then stealing a copy for themselves and threatening to publish the data online if the ransom demand is not paid.
On March 3, an affiliate of ALPHV/BlackCat (in effect a contractor that earns commissions by launching cyberattacks using the ransomware gang’s malware) complained on a cybercrime forum, claiming that ALPHV/BlackCat had defrauded affiliates of their income. The affiliate claimed in the post that ALPHV/BlackCat stole the $22 million in ransom money Change Healthcare allegedly paid to decrypt its files and prevent a data leak, as first reported by veteran security watcher DataBreaches.net.
As evidence of its claims, the affiliate provided the exact cryptocurrency wallet address that ALPHV/BlackCat allegedly used to receive the ransom. Two days before the post, that wallet had received a single Bitcoin transaction worth $22 million.
The affiliate added that despite losing its share of the ransom, the stolen data “is still with us,” suggesting that the affiliate still has access to large amounts of stolen sensitive medical and patient data.
UnitedHealth declined to confirm to reporters whether it had paid the hackers’ ransom, instead saying the company was focused on the investigation. When TechCrunch asked UnitedHealth if it disputed reports that the ransom was paid, a spokesperson for the company did not respond.
By March 5, ALPHV/BlackCat’s website had disappeared, and researchers believed it was an exit scam, in which the hackers flee with their newfound wealth, either never to be seen again or to keep a low profile and later regroup under a new name.
The gang’s darknet website was replaced by a splash screen purporting to be a law enforcement seizure notice. In December, a global law enforcement operation took down part of ALPHV/BlackCat’s infrastructure, but the gang returned and soon began targeting new victims. This time, however, security researchers suspect the seizure notice was the gang’s own deception, not another legitimate takedown.
A spokesperson for the U.K.’s National Crime Agency, which was involved in the initial takedown of ALPHV/BlackCat last year, told TechCrunch that ALPHV/BlackCat’s ostensibly seized websites “were not the result of NCA activity.” Other global law enforcement agencies have also denied involvement in the group’s sudden disappearance.
It’s not uncommon for cybercrime groups to shake off reputational problems by reforming or rebranding, something they might do after being caught in a law enforcement operation or stealing affiliates’ illicit proceeds.
Even if a ransom is paid, there is no guarantee that hackers will delete the data. A recent global law enforcement operation aimed at disrupting the prolific LockBit ransomware operation found that, contrary to their claims, cybercriminal groups do not always delete victims’ data when a ransom is paid. Companies have begun to acknowledge that paying a ransom does not guarantee the return of files.
For those on the front lines of healthcare cyber security, the worst-case scenario is when stolen patient records become public.
The hospital’s cybersecurity director told TechCrunch that the patient safety and financial impact of this situation will last for years.
Do you work at Change Healthcare, Optum or UnitedHealth and know more about the cyberattack? Please contact +1 646-755-8849 via Signal and WhatsApp, or get in touch by email. You can also send files and documents via SecureDrop.