$22 Million Ransom Fails to Save Change Healthcare from Data Leak Threat

The Healthcare industry has consecutively been a prime target of cybercriminals, recent incident includes the Change Healthcare, which is a healthcare technology solutions provider. Their hack confirms the dangerous prevalence of the entire healthcare industry to cyber threats. This attack demonstrates that in the realm of healthcare cyber security, no organization is safe from the threats of cyber-attack. This breach concerned the safety of the data of millions of patients, including personal and medical profile, thus, stressing the timeliness of enhanced security cyber procedures across the whole sector.

After two months of the attack, Change Healthcare, a subsidiary of UnitedHealth Group, finally admitted something which everyone already knew – they paid hefty amount to the hackers to protect patient data from disclosure. Despite the hefty payout of $22 million, the company still faces the possibility of a massive data leak exposing sensitive medical information of millions.

According to the reports, the hackers got entry in the networks of UnitedHealth Group’s Change Healthcare. They used compromised credentials on an application that allows staff to remotely access systems reported on Monday (22nd April).

The first update was posted by Change Healthcare (21st Feb) saying they had been facing connectivity issues because of which the prompt displayed – ‘some applications are currently unavailable’. They had been reviewing the issue forward to resolve it as soon as possible. Apparently, the hackers had been in the system for the last 9 days before the attack actually took place on Feb 21. They might have stolen a bunch of data by then.

Security researchers had already suspected the ransom payment based on a Bitcoin transaction traced back to AlphV in early March. This information, along with complaints from disgruntled hacker affiliates on a cybercriminal forum, fuelled speculation that Change Healthcare had indeed paid up. The company, however, remained silent for weeks.

This confirmation raises concerns within the cybersecurity industry. Experts fear that the successful attack and hefty ransom will incentivize further attacks on healthcare organizations. “It 100% encourages other actors to target healthcare,” said Jon DiMaggio, a ransomware researcher. “These are the industries we don’t want targeted, especially when it affects hospitals.”

Adding insult to injury, a second ransomware group, RansomHub, claims to possess the stolen data and threatens to sell it on the dark web. While the listing for the data has been taken down, Change Healthcare acknowledges that some information, potentially containing personal identifiable information (PII), has been leaked.

The Federal Government also offered 10 million dollars to help them identify the group of hackers – the ransomware-as-a-service group ALPHV BlackCat.

In addition, U.S. Sen. Mark R. Warner, D-Va., introduced a bill – “Health Care Cybersecurity Improvement Act of 2024” which was the need of the hour. The core purpose was to accelerate Medicare payments to healthcare providers that have suffered a cyberattack.

The company estimates losses exceeding $872 million and anticipates the figure to climb over a billion in the long term. A survey conducted by the American Medical Association revealed that 80% of clinicians lost revenue due to the attack, with some relying on personal finances to keep their practices afloat.

The attack on Change Healthcare, a subsidiary of UnitedHealth Group, caused widespread disruption in the US healthcare system.

In conclusion, the cyberattack on Change Healthcare is an unpleasant illusion of the weak spots that can be found in healthcare industry. While the $22 million represent one of the largest sums ever paid, it failed to ensure data security. Hence, the need of the hour is the proactiveness of the organisations in cybersecurity.

© 2024 PeoplActive – A division of CCT Digisol Pvt Ltd.