UnitedHealth, a Medicare giant in the United States, confirmed on Monday that the servers of its billing and insurance subsidiary, Change Healthcare, had indeed been hacked, and the threat actors had stolen the data of millions of Americans.
A detailed investigation into the cyberattack on UnitedHealth Group’s Change Healthcare revealed a sophisticated infiltration that began weeks before the ransomware strike. This exposed critical lapses in cybersecurity protocols and highlighted systemic vulnerabilities in the U.S. healthcare infrastructure.
According to a report by the WSJ, the cyber adversaries, identified as the ALPHV ransomware gang or affiliates, initiated their incursion into Change Healthcare’s networks as early as February 12, leveraging compromised credentials within an application lacking multifactor authentication (MFA) safeguards.
The initial breach granted the attackers prolonged access, enabling them to navigate undetected and gather intelligence within the system.
The lack of MFA, a fundamental security measure, allowed the hackers to exploit vulnerabilities and move laterally across Change Healthcare’s extensive network, culminating in the deployment of ransomware on February 21. This strategic manoeuvring suggests a meticulously planned operation aimed at data exfiltration and system disruption rather than a hasty, opportunistic attack.
Change Healthcare, a pivotal player in processing medical payments and managing vast amounts of sensitive healthcare data, faced immediate operational challenges following the ransomware incident. The ensuing shutdown of critical systems impacted healthcare providers nationwide, forcing them to seek alternative billing solutions and grapple with financial uncertainties.
In response to the cyber threat, UnitedHealth Group, the parent company of Change Healthcare, reportedly paid a substantial ransom, speculated to be approximately $22 million in bitcoin, although specific details remain undisclosed. Reportedly, another gang, RansomHub, also demanded ransom payments from the health giant.
The incident’s ripple effects include a significant financial burden, $870 million for UnitedHealth Group, as well as operational disruptions affecting healthcare providers reliant on Change Healthcare’s services. The company’s efforts to restore systems and offer financial assistance reflect a broader effort to mitigate the fallout from this unprecedented cyber assault.
According to the company, the services are now back on track to “near-normal levels,” and the company is in communication with the authorities and regulators. The company has also provided a customer support site, changecybersupport.com, and a phone number, 1-866-262-5342, for further assistance.
“We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it,” said Andrew Witty, Chief Executive Officer of UnitedHealth Group.
Witty will also testify before House lawmakers on May 1 regarding the cyberattack.