News: 0175320619

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

UnitedHealth Says Change Healthcare Hack Affects Over 100 Million (techcrunch.com)

(Friday October 25, 2024 @03:00AM (BeauHD) from the nothing-to-be-proud-of dept.)


UnitedHealth Group said a ransomware attack in February resulted in [1]more than 100 million individuals having their private health information stolen . The U.S. Department of Health and Human Services [2]first reported the figure on Thursday. TechCrunch reports:

> The ransomware attack and data breach at Change Healthcare stands as the largest known digital theft of U.S. medical records, and one of the biggest data breaches in living history. The ramifications for the millions of Americans whose private medical information was irretrievably stolen are likely to be life lasting. UHG began notifying affected individuals in late July, which continued through October. The stolen data varies by individual, but Change previously confirmed that it includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, and government identity documents, including Social Security numbers, driver's license numbers, and passport numbers. The stolen health data includes diagnoses, medications, test results, imaging and care and treatment plans, and health insurance information -- as well as financial and banking information found in claims and payment data taken by the criminals.

>

> The cyberattack [3]became public on February 21 when Change Healthcare pulled much of its network offline to contain the intruders, causing immediate outages across the U.S. healthcare sector that relied on Change for handling patient insurance and billing. UHG attributed the cyberattack to ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang, which later took credit for the cyberattack. The ransomware gang's leaders later vanished after absconding with a $22 million ransom paid by the health insurance giant, stiffing the group's contractors who carried out the hacking of Change Healthcare out of their new financial windfall. The contractors took the data they stole from Change Healthcare and formed a new group, which extorted a second ransom from UHG, while publishing a portion of the stolen files online in the process to prove their threat.

>

> There is no evidence that the cybercriminals subsequently deleted the data. Other extortion gangs, including LockBit, have been shown to hoard stolen data, even after the victim pays and the criminals claim to have deleted the data. In paying the ransom, Change obtained a copy of the stolen dataset, allowing the company to identify and notify the affected individuals whose information was found in the data. Efforts by the U.S. government to catch the hackers behind ALPHV/BlackCat, one of the most prolific ransomware gangs today, have so far failed. The gang bounced back following a takedown operation in 2023 to seize the gang's dark web leak site. Months after the Change Healthcare breach, the U.S. State Department upped its reward for information on the whereabouts of the ALPHV/BlackCat cybercriminals to $10 million.



[1] https://techcrunch.com/2024/10/24/unitedhealth-change-healthcare-hacked-millions-health-records-ransomware/

[2] https://www.documentcloud.org/documents/25250169-change-healthcare-breach

[3] https://tech.slashdot.org/story/24/02/22/144230/us-health-tech-giant-change-healthcare-hit-by-cyberattack



What has not been hacked yet? (Score:2)

by rapjr ( 732628 )

Anything? Who has not had multiple accounts compromised? Computer security is a joke.

Kamela Harris has a respense! (Score:1)

by Valgrus Thunderaxe ( 8769977 )

In order to manage our equities, it becomes incumbent on us, as a people, to leverage our diversity and balance our synergies. Our strength lies in our ability to communicate responsiveness to changing social strata. Thus, I propose a Rust-based para-virtualized enterprise hypervisor solution which combines our strengths with post-modern idealism. In this hectic climate, our futurism will be manifested in our calling for social change. Government, much like the enterprise space, will transcend the front

Jail (Score:2)

by bradley13 ( 1118935 )

First, they got hacked. For a company holding critical data, that's bad enough. But then they paid ransom , which the criminals just took and ran off with. So they have encouraged and funded future ransomware attacks.

Criminal charges. Board, CEO, CIO, all the way down the line. Whoever decided not to invest in security, and especially whoever decided to pay the ransom.

Re: (Score:2)

by Woeful Countenance ( 1160487 )

Even worse, they didn't get anything in return for paying the ransom, because the thieves kept the data anyway. Evidently these aren't honorable criminals. Then one stole all the money from the others. Just can't trust anybody.

At least for the people who send me mail about a new language that they're
designing, the general advice is: do it to learn about how to write a
compiler. Don't have any expectations that anyone will use it, unless you hook
up with some sort of organization in a position to push it hard. It's a
lottery, and some can buy a lot of the tickets. There are plenty of beautiful
languages (more beautiful than C) that didn't catch on. But someone does win
the lottery, and doing a language at least teaches you something.
-- Dennis Ritchie (1941-2011), creator of the C programming language and of
UNIX