A ransomware attack on Change Healthcare [2] [6] [8], a subsidiary of UnitedHealth Group [1], occurred on February 12 [1] [8], leading to significant financial and operational consequences.

Description

Hackers gained access to a Citrix portal using compromised credentials, bypassing multifactor authentication [1] [2] [3] [4] [5] [6] [7] [8] [9]. The cybercrime groups ALPHV and BlackCat claimed responsibility for the attack [4], deploying ransomware nine days after the initial access [4] [8]. Change Healthcare paid a $22 million ransom to ALPHV [1]; the attack cost UnitedHealth Group $872 million. The breach potentially exposed the data of a substantial number of Americans, prompting an investigation by the Department of Health and Human Services. Despite the ransom payment [9], sensitive data was stolen, and medical claims and payment processing were disrupted.

Conclusion

The incident highlights the importance of implementing multifactor authentication and securing vendor supply chains to prevent future attacks. UnitedHealth Group is rebuilding systems to enhance security measures and prevent similar incidents. Lawmakers are calling for stronger cybersecurity standards in the healthcare industry to mitigate risks and protect sensitive data.

References

[1] https://arstechnica.com/security/2024/04/change-healthcare-hacked-through-stolen-password-for-account-with-no-mfa/
[2] https://healthexec.com/topics/health-it/cybersecurity/breached-change-healthcare-server-lacked-multifactor-authentication-unitedhealth-ceo-admits
[3] https://apnews.com/article/change-healthcare-cyberattack-unitedhealth-senate-9e2fff70ce4f93566043210bdd347a1f
[4] https://www.crn.com/news/security/2024/unitedhealth-compromised-citrix-credentials-behind-change-healthcare-hack
[5] https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/
[6] https://cyberscoop.com/change-healthcare-attack-stolen-data-ransom-andrew-witty-unitedhealth/
[7] https://www.techtarget.com/searchsecurity/news/366582824/Change-Healthcare-breached-via-Citrix-portal-with-no-MFA
[8] https://www.infosecurity-magazine.com/news/unitedhealth-breach-stolen/
[9] https://www.cybersecuritydive.com/news/change-healthcare-compromised-credentials-no-mfa/714792/