Healthcare

Who: The RansomHub extortion gang is claiming to have leaked corporate and patient data stolen from Change Healthcare, a subsidiary of United Health, following a cyberattack.

What: Change Healthcare experienced a cyberattack in February, attributed to the BlackCat/ALPHV ransomware operation, causing significant disruption to the US healthcare system. The attack resulted in the theft of approximately 6 TB of data. Despite potential ransom payment and pressure from law enforcement, the attackers continued their extortion efforts.

Impact: The leaked data reportedly includes data-sharing agreements with insurance providers, accounting information, and patient data such as bills and amounts owed. The threat actors have issued an ultimatum for Change Healthcare to meet their extortion demands within five days, threatening to sell the data if their demands are not met.

Read the full article HERE

Who: Harvard Pilgrim Health Care, a New England health insurance firm, disclosed that a ransomware attack last spring affected a larger number of individuals than initially reported.

What: The ransomware attack, carried out by an unidentified group on April 17, 2023, impacted Harvard Pilgrim's operations for several days. The latest breach notification submitted to regulators in Maine revised the total number of affected individuals to 2,860,795, a 12% increase from the original count.

Impact: The incident underscores how data breach investigations can lead to a reassessment of the number of affected individuals. Personal data and protected health information of current and former subscribers, dependents, and contracted providers were potentially compromised. Harvard Pilgrim serves over 1.1 million members across Massachusetts, New Hampshire, Maine, and Connecticut. The attack occurred during a period of infiltration from March 28, 2023, to April 17, 2023. The company collaborated with federal law enforcement and cybersecurity firms…

Who: Hackers known as AlphV or BlackCat, perpetrators of the Change Healthcare ransomware attack.

What: The hackers received a $22 million payment, visible on Bitcoin's blockchain, suggesting that the victim, Change Healthcare, may have paid a significant ransom. An affiliate of AlphV claimed on the cybercriminal underground forum RAMP that they were cheated out of their share of the ransom, pointing to the $22 million transaction as proof. Change Healthcare, a medical firm and a major player in prescription processing, has faced disruptions for over 10 days due to the ransomware attack.

Impact: If the $22 million ransom payment is confirmed, it sets a dangerous precedent for the healthcare industry, highlighting the profitability of attacks on critical services. Ransomware researcher Brett Callow emphasizes that such payments fund future attacks and encourage other cybercriminals to target the healthcare sector. The incident also exposes a rift within the hacker group, with affiliates…

Who: Change Healthcare, a major U.S. health tech giant, suffered an ongoing cyberattack caused by the BlackCat ransomware group.

What: The ransomware attack led to outages and disruptions at hospitals and pharmacies across the U.S. for a week. Change Healthcare, a significant healthcare processor, handles prescriptions and billing for over 67,000 pharmacies, managing 15 billion healthcare transactions annually.

How: The cyberattack, linked to BlackCat (ALPHV), started on February 21, impacting customer-facing systems. Patient data theft remains uncertain. UnitedHealth Group, Change Healthcare's parent company, identified a "suspected nation-state" threat actor. Hospitals, providers, and pharmacies faced difficulties fulfilling prescriptions. The American Hospital Association advised disconnection from Optum (Change Healthcare's parent) due to potential risks. Tricare, the U.S. military’s health insurance, reported global impacts on military pharmacies. BlackCat/ALPHV has previously targeted Norton, Reddit, and Fidelity National Financial.

Read the full article HERE