
UnitedHealth Confirms 100M Affected in Record-Breaking Change Healthcare Hack

About 100 million people's personal information was compromised in the February hack of UnitedHealth's (UNH.N) technology unit Change Healthcare, according to data published by the U.S. Department of Health and Human Services on its breach portal. That makes it the largest healthcare data breach in American history. UnitedHealth CEO Andrew Witty had already warned at a congressional hearing in May that the health records of roughly a third of all Americans may have been exposed as a result of the cyberattack.

Change Healthcare had earlier published a data breach notification warning that a "considerable quantity of information" about a "substantial proportion" of Americans was exposed by the February ransomware attack. UnitedHealth's estimate that the attackers may have stolen the data of a third of Americans makes this one of the most severe breaches ever to hit the American healthcare system. The company began notifying affected patients in June.

A statement released by the Department of Health and Human Services this week, accompanying the figures on its breach portal, indicated that the medical data of about a third of Americans was exposed in the February breach. UnitedHealth had said back in April that the cyberattack compromised sensitive data for "a substantial proportion of Americans"; the department's findings confirm that statement.

The attack, carried out in late February by the ransomware group ALPHV, also known as BlackCat, targeted the UnitedHealth subsidiary Change Healthcare and caused months of outages and disruption to claims processing across the U.S. healthcare system. Change Healthcare is one of the world's largest processors of health payments and provides claims and payment processing for major insurers including Aetna, Anthem, Blue Cross Blue Shield, and Cigna.

The Change Healthcare ransomware attack and data breach stands out as one of the largest and most expensive data breaches ever recorded, and the largest involving U.S. healthcare records. The consequences of the theft of millions of Americans' confidential health information are likely to follow the affected individuals for the rest of their lives: unlike a password, a diagnosis or a Social Security number cannot be rotated after it leaks. UnitedHealth Group (UHG) launched a notification program in late July that continued through October.

The data stolen varies by individual, but Change has previously stated that it includes personal information such as names, addresses, dates of birth, telephone numbers, and e-mail addresses; government identifiers such as Social Security numbers, driver's license numbers, and passport numbers; financial and banking details found in claims and payment data; and health data, including diagnoses, medications, test results, imaging, care and treatment plans, and health insurance information.

Many service providers have grown up around the healthcare industry over the years, but Change Healthcare has become one of the largest handlers of health and medical data and patient records, processing patient insurance and billing for thousands of hospitals, pharmacies, and practices across the United States. As a result, Change handles health and medical information relating to about one-third of the people in the country, as chief executive Andrew Witty told lawmakers in May.

On February 21, Change Healthcare pulled much of its network offline to contain the intruders. Because Change handles patient insurance and billing for so many providers, that shutdown caused immediate outages throughout the U.S. healthcare sector.

The disruption to the company's IT systems prevented doctors and pharmacies from filing claims and stopped pharmacies from accepting discount prescription cards, forcing patients to pay full price for their medication. The BlackCat (ALPHV) ransomware gang got in through a Citrix remote access portal using stolen credentials; the portal was not protected by multi-factor authentication, so a single valid password was enough to reach the internal network.

UnitedHealth Group has disclosed that the attackers stole approximately 6 terabytes of sensitive data and encrypted computers within the company's network. The breach, described as the largest healthcare data breach in U.S. history, forced the organization to shut down IT systems to contain the spread of the ransomware. It affected more than 100 million individuals, exposing personal health information and raising widespread security concerns.

The attackers, operating as an affiliate of the BlackCat ransomware group, demanded a ransom for decryption of the data and deletion of the stolen files. UnitedHealth Group confirmed that it paid a ransom, reported to be $22 million, to recover its systems and prevent further dissemination of the data. A dispute then arose over the division of the payment: the affiliate that carried out the intrusion was supposed to share the proceeds with the BlackCat operators, but BlackCat instead pulled an exit scam, shutting down abruptly and keeping the entire payment. Since the affiliate that actually exfiltrated the data received nothing, the payment bought no assurance that the stolen files were deleted.

The hack highlighted critical gaps in Change Healthcare's security controls, particularly the lack of multi-factor authentication (MFA) on its remote access portal, which allowed attackers holding stolen credentials to walk in. Industry analysts and lawmakers emphasized, however, that the primary motivation for the attack was the extensive and valuable trove of sensitive data that Change Healthcare collects and stores.
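The initial access described above, a valid password reused from an unfamiliar address against a portal that never asked for a second factor, is exactly the pattern an authentication-log audit should surface. The script below is an added example, not code from the article or from UnitedHealth or Change Healthcare. It assumes a simple JSON-lines log with `user`, `src_ip`, `result` and `factors` fields (an assumption; Citrix Gateway, VPN concentrators and identity providers each log differently, so `parse_event()` is the piece to adapt), and the sample lines are constructed, not real data. It flags successful sessions established with a password alone, successful logins from an address the account has not used before in the log, and the intersection of the two, which is the highest-priority case.

```python
"""Audit remote-access gateway authentication events for password-only logins.

Added example; not code from the article or from the companies it describes.
Log schema (JSON lines with user, src_ip, result, factors) is an assumption.
"""
import json
from dataclasses import dataclass

# Constructed sample log lines (not real data). The third line models the
# scenario in the article: a valid credential used from a new address with
# no second factor. The fourth is a failed attempt from the same address.
SAMPLE_LOG = """\
{"ts": "2024-02-12T08:01:10Z", "user": "jdoe", "src_ip": "203.0.113.10", "result": "success", "factors": ["password", "totp"]}
{"ts": "2024-02-12T08:05:42Z", "user": "asmith", "src_ip": "203.0.113.22", "result": "success", "factors": ["password"]}
{"ts": "2024-02-12T08:09:03Z", "user": "jdoe", "src_ip": "198.51.100.7", "result": "success", "factors": ["password"]}
{"ts": "2024-02-12T08:09:40Z", "user": "bwayne", "src_ip": "198.51.100.7", "result": "failure", "factors": ["password"]}
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: str
    user: str
    src_ip: str
    success: bool
    factors: tuple  # authentication factors presented, e.g. ("password", "totp")


def parse_event(line: str) -> AuthEvent:
    """Map one JSON log line onto AuthEvent (adapt this for a real product's schema)."""
    rec = json.loads(line)
    return AuthEvent(
        ts=rec["ts"],
        user=rec["user"],
        src_ip=rec["src_ip"],
        success=rec["result"] == "success",
        factors=tuple(rec["factors"]),
    )


def parse_log(text: str) -> list:
    """Parse all non-empty lines and return events in timestamp order."""
    events = [parse_event(line) for line in text.splitlines() if line.strip()]
    events.sort(key=lambda e: e.ts)  # ISO-8601 strings sort chronologically
    return events


def password_only_logins(events) -> list:
    """Successful sessions established with a single knowledge factor only."""
    return [e for e in events if e.success and set(e.factors) == {"password"}]


def new_source_logins(events) -> list:
    """Successful logins from an address not previously seen for that user in this log.

    The first login seen per user is treated as baseline and is not flagged;
    in production, seed the baseline from a longer history window.
    """
    seen = {}
    flagged = []
    for e in events:
        if not e.success:
            continue
        known_ips = seen.setdefault(e.user, set())
        if known_ips and e.src_ip not in known_ips:
            flagged.append(e)
        known_ips.add(e.src_ip)
    return flagged


def high_risk_logins(events) -> list:
    """Password-only AND from an address new to that user: review these first."""
    password_only = set(password_only_logins(events))
    return [e for e in new_source_logins(events) if e in password_only]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for e in password_only_logins(evts):
        print(f"password-only login: {e.user} from {e.src_ip} at {e.ts}")
    for e in high_risk_logins(evts):
        print(f"HIGH RISK (password-only, new source): {e.user} from {e.src_ip} at {e.ts}")
```

On the sample, `asmith` is reported as password-only but not as a new source (it is that account's only login), while `jdoe`'s second login is both password-only and from a never-before-seen address, so it is the one that lands in `high_risk_logins()`. The more durable fix is not the detection but the control it audits for: every interactive login to a remote access portal should require a second factor, so that `password_only_logins()` returns nothing.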

Change Healthcare's data holdings made it an attractive target, given the potential for monetizing personal and medical information. Change Healthcare, a prominent player in healthcare technology and data solutions, became part of UnitedHealth Group through a $7.8 billion acquisition in 2022. The deal folded Change Healthcare into Optum, UnitedHealth's health services arm, which runs physician groups and offers technology and data analytics services to insurers and healthcare providers. The acquisition gave Optum extensive access to the patient records and data maintained by Change Healthcare, strengthening UnitedHealth's position in the industry.

The merger of Change Healthcare into Optum faced considerable scrutiny from federal antitrust authorities in the United States. The Department of Justice (DOJ) opposed the acquisition in court, arguing that UnitedHealth's control over Change Healthcare would give it an unfair competitive edge by providing access to a substantial portion of Americans' healthcare data. According to the DOJ, around half of all U.S. health insurance claims pass through Change Healthcare each year.

Despite these concerns, a federal judge rejected the DOJ's challenge and the merger went ahead, enabling UnitedHealth Group to expand its influence in the healthcare sector. UnitedHealth Group's latest financial reports show that it serves over 53 million customers in the United States and a further 5 million internationally through various benefit plans, while Optum provides services to approximately 103 million U.S. consumers. In 2023, UnitedHealth reported $22 billion in profit on revenues of $371 billion, and CEO Andrew Witty received $23.5 million in total compensation for the year. The breach spotlighted the company's cybersecurity gaps and reignited debate about its market power.

Reports indicate that before the Change Healthcare hack, the Justice Department had been intensifying its investigation into potential anticompetitive practices by UnitedHealth Group, raising questions about the company's consolidation strategies and their impact on the U.S. healthcare landscape. The incident underscores the urgent need for robust cybersecurity measures in the healthcare industry, especially for organizations handling vast quantities of sensitive data. As investigations continue, stakeholders are likely to push for stricter regulatory frameworks to protect patient information and maintain fair competition in the healthcare market.

US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six officials of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), the Iranian government organization responsible for a series of malicious cyber activities directed against critical infrastructure in the U.S. and other countries.

IRGC-affiliated cyber actors recently hacked programmable logic controllers (PLCs) manufactured by the Israeli company Unitronics and posted images on the devices' screens. U.S. authorities are acting against these individuals in response to those operations.

PLCs and similar control devices in water and other critical infrastructure systems are sensitive targets. Although no critical services were disrupted in this campaign, unauthorized access to such systems can enable actions that harm the public and have devastating humanitarian consequences.

According to the Treasury's official statement, the sanctioned IRGC officials are responsible for cyber attacks against critical infrastructure. The action responds to recent operations by IRGC-affiliated actors against Unitronics equipment used in water and wastewater facilities.

A group calling itself CyberAv3ngers, affiliated with the IRGC, claimed responsibility for the attack on the municipal water system of Aliquippa, Pennsylvania, as well as on other water systems throughout the country. No critical services were disrupted, and the U.S. coordinated with the private sector and other affected countries to resolve the incidents.

Treasury nonetheless warns that unauthorized access to critical infrastructure systems "can be destabilizing and potentially escalatory," and that such access can enable actions that harm the public and cause devastating humanitarian consequences.

Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, described the deliberate targeting of critical infrastructure as an unacceptable, dangerous, and unconscionable act.

The United States said it would not tolerate such conduct and would hold the perpetrators accountable using all the tools and authorities at its disposal. All six sanctioned individuals were designated as leaders or officials of the Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). American companies and individuals are prohibited from transacting with them.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is meanwhile providing resources such as its recently released Incident Response Guide for the water and wastewater sector, aimed at the entities it calls "target-rich, cyber-poor," such as water and wastewater utilities.

CISA considers a handful of nations, namely China, Russia, North Korea, and Iran, to pose a particular threat because of sophisticated malicious cyber activity intended to sustain long-term access to compromised systems. Just last week, U.S. authorities accused hacker networks linked to the Chinese government of attacks on critical targets in the water, transportation, and energy sectors.

OFAC has added the six individuals to its Specially Designated Nationals list: Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian.

According to the statement, Hamid Reza Lashgarian is the head of the IRGC-CEC and a commander in the IRGC's Quds Force, and he has been involved in several IRGC cyber and intelligence operations.

The other five, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, are senior officials of the IRGC-CEC. All property and interests in property of these designated individuals that are in the United States or in the possession of U.S. persons are blocked, and U.S. persons are generally prohibited from engaging in transactions involving them.

Financial institutions and other persons that transact with sanctioned individuals and entities may themselves face enforcement action. The statement added that "the United States remains deeply concerned about the targeting of these systems," warning that cyber operations that intentionally damage or otherwise impair the operation of critical infrastructure used to deliver services to the public are destabilizing and could escalate. This is not the first time Iranian cyber actors have targeted U.S. infrastructure.