Category: United Health

In February of this year, a ransomware assault on Change Healthcare caused significant disruptions in medical supply chains and billing procedures, prompting the company to isolate its computer network and launch a clinical investigation.

Fast forward two months from the cyber onslaught, Andrew Witty, CEO of UnitedHealth, the parent company of Change Healthcare, appeared before the Senate to provide testimony regarding the digital breach. Acknowledging that the cyber attack on Change Healthcare was indeed a ransomware incident, Witty attributed it to the absence of multi-factor authentication, a foundational cybersecurity measure that every company, regardless of size, sector, or financial standing, should adhere to.

Multi-factor authentication entails requiring users to provide two or three verification factors to access their accounts, serving as a barrier against unauthorized access.

Initial estimates suggest the attack has resulted in a financial loss of $22 million thus far, with concerns mounting that the figure could soar into the billions by the third quarter of this year.

Interestingly, speculation arose from certain media outlets suggesting that Change Healthcare had struck a deal with the ALPHV ransomware group and paid a ransom to regain access to encrypted data. Despite reportedly paying around 350 bitcoins to the BlackCat ransomware group, the company continues to face threats of data exfiltration since April 2024 from another group known as RansomHUB, demanding $15 million for the deletion of pilfered information.

Further investigations revealed RansomHUB’s involvement in the attack, indicating that since severing ties with the BlackCat gang, they have embarked on their own venture, extorting ransom payments from their already targeted victims, as they possess all the stolen data on their servers.

Security experts suggest that this latest development could either be a scheme to extract more money or a genuine threat. Regardless, the victims find themselves caught in an ongoing saga, with no resolution in sight at least for the near future.

The post United Health CEO testifies before senate for ransomware attack appeared first on Cybersecurity Insiders.

UnitedHealth recently disclosed that it has disbursed approximately $2 billion to its healthcare subsidiaries affected by a ransomware attack detected last month. The company also announced plans to roll out medical claims preparation software to assist customers in managing payments for medical bills against inventory lists.

Andrew Witty, CEO of UnitedHealth, confirmed the authenticity of the statement and reported that 90% of the pharmacy computer network systems impacted by the cyber-attack at Change Healthcare had been restored by the previous Sunday. As a result, the payment management software, crucial for processing medications and services covered by insurers, is expected to be fully operational by the upcoming weekend.

In response to the severity of the situation, U.S. Department of Health and Human Services Secretary Xavier Becerra and Deputy Andrew Palm held an emergency meeting with White House officials to address cyber risks stemming from the Change Healthcare cyber-attack. The meeting emphasized the importance of support from insurance companies and focused on strategies for assisting affected parties.

The rise in cyberattacks targeting the healthcare sector globally is deeply concerning, especially considering the potential for emergencies such as those witnessed during the Covid-19 pandemic lockdowns in April 2020 and 2021.

Furthermore, it is evident that cybercriminals, driven by profit, disregard the humanitarian implications of their actions, instead prioritizing their immediate gains or supporting governments engaged in digital attacks for geopolitical reasons.

Governments worldwide must unite with the singular goal of eradicating or, at the very least, significantly reducing such cyber threats. Mere measures such as cryptocurrency bans or the apprehension of individual criminals do little to address the root cause of these attacks and provide insufficient deterrence.

The post United Health spends $2 billion in ransomware recovery appeared first on Cybersecurity Insiders.