1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • UnitedHealth confirms major cyberattack, says hackers stole "subs

    From TechnologyDaily@1337:1/100 to All on Tue Apr 23 16:15:05 2024
    UnitedHealth confirms major cyberattack, says hackers stole "substantial" amount of patient data

    Date:
    Tue, 23 Apr 2024 16:00:00 +0000

    Description:
    UnitedHealth moves to assure victims with free credit and identity monitoring.

    FULL STORY ======================================================================

    UnitedHealth Group has issued an update on the data breach that recently struck its subsidiary, Change Healthcare.

    The healthcare giant suffered a ransomware attack that knocked some of its services offline and affected different pharmacies and other adjacent businesses across the United States.

    In an update, UnitedHealth Group said that based on initial targeted data sampling to date, the company found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America. Ransomware fiasco

    So far, there has been no evidence that the hackers stole materials such as doctors charts, or full medical histories.

    The company further explained that the data review is ongoing and complex,
    and that it will likely take a few months to conclude the investigation, suggesting that the type of stolen data, as well as its scope, might change.

    In the meantime, it set up a dedicated website http://changecybersupport.com/ where affected individuals can get more information and details. It also set up a dedicated call center, and is offering free credit monitoring and identity theft protection for two years.

    The ransomware attack suffered something of a fiasco on both sides. The company was apparently attacked by an affiliate of the infamous ALPHV (BlackCat) ransomware-as-a-service (RaaS). To address the problem and get its data back, the company paid the attackers $22 million in cryptocurrency. However, due to the nature of RaaS, the affiliates who breached Change never got the money, as ALPHV took all of it and shut the entire operation down.

    This also meant that Change never got its data back. In the meantime, a separate threat actor came forward, claiming to be in possession of the data, and asking for even more money.

    UnitedHealth Group said that its monitoring the internet and the dark web, together with industry experts, to determine if any data made it online.

    There were 22 screenshots, allegedly from exfiltrated files, some containing PHI and PII, posted for about a week on the dark web by a malicious threat actor. No further publication of PHI or PII has occurred at this time, the notification concludes. More from TechRadar Pro Change Healthcare hit by
    major cyberattack US health tech giant sees website taken offline, login pages unavailable Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/unitedhealth-confirms-major-cyberattack -says-hackers-stole-substantial-amount-of-patient-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)