Tag Archive for: provider

Ransomware attack on UnitedHealth hits provider payments

/in


A weeklong ransomware attack on key units of the UnitedHealth Group is leaving healthcare providers across the United States struggling to process payments.

According to the American Hospital Association, large hospital chains and smaller-level providers have been locked out of processing payments. Although large systems have been able to absorb the blow financially, smaller providers are already beginning to run low on cash as they take on the costs of being unable to collect from patients.

The UnitedHealth Group is one of the largest health benefits organizations in the United States, directly insuring over 27 million Americans in individual and employer plans, as well as nearly 14 million seniors on Medicare with private supplemental coverage.

UnitedHealth’s Change Healthcare, a critical linchpin for processing payments and revenue cycle management for UnitedHealth, has been incapacitated for more than a week after a hacker gained access to the network.

The attack has also thwarted prescription refills and renewals for pharmacies across the U.S., ranging from small independent firms to larger entities like Walgreens.

“This attack is not only on Change Healthcare but is an attack on the entire health care sector that depends upon the availability of Change healthcare services technology,” said the AHA’s national adviser for cybersecurity and risk, John Riggi.

The source of the attack and the actors responsible have not been officially identified.

A filing with the Securities and Exchange Commission from last week indicates that UnitedHealth “identified a suspected-nation-state associated cyber security threat actor” entered the information technology system on Feb. 21.

Sources close to the matter, however, reported to Reuters this week that a criminal gang known as “Blackcat” or “ALPHV” may be responsible for the attack. Blackcat reportedly did not respond to Reuters‘ request for comment.

Organizations that experience high-impact ransomware attacks can take several months to fully restore capacity, according to Riggi.

CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER

Although patients should not experience disruptions to care, the cash flow upholding…

Source…

Notorious ransomware provider LockBit taken over by law enforcement

/in


Washington — A ransomware service provider that has targeted over 2,000 systems across the globe, including hospitals in the U.S., with demands for hundreds of millions of dollars was taken down Monday, and Russian nationals were charged as part of an international plot to deploy the malicious software, the Justice Department announced Tuesday. 

Known as LockBit, the network of cybercriminals targets critical components of manufacturing, healthcare and logistics across the globe, offering its services to hackers who deploy its malware into vulnerable systems and hold them hostage until a ransom is paid. The attackers have so far extorted more than $120 million from their victims, officials said, and their program has evolved into one of the most notorious and active.

As part of this week’s operation, the FBI and its law enforcement partners in the United Kingdom seized numerous public-facing platforms where cybercriminals could initiate contact with and join LockBit. Investigators also seized two servers in the U.S. that were used to transfer stolen victim data. 

The front page of LockBit’s site has been replaced with the words “this site is now under control of law enforcement,” alongside the flags of the U.K., the U.S. and several other nations, the Associated Press noted.

A screenshot from Feb. 19, 2024 shows a take down notice that a group of global intelligence agencies issued to a dark web site called Lockbit.

Handout via Reuters


According to Attorney General Merrick Garland, the U.S. and its allies went “a step further” by obtaining the “keys” that can unlock attacked computer systems to help victims “regain access to…

Source…

20+ hospitals in Romania hit hard by ransomware attack on IT service provider • Graham Cluley

/in


20+ hospitals in Romania hit hard by ransomware attack on IT service provider20+ hospitals in Romania hit hard by ransomware attack on IT service provider

Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence medical staff have been forced to use pen-and-paper rather than computer systems.

Romania’s National Cybersecurity Directorate (DNSC) said in a statement that the attackers encrypted hospital data using the Backmydata ransomware – a variant of Phobos.

The DNSC advises not to contact the IT teams at affected hospitals “so they can focus on restoring IT services and data! This is the priority at the moment.”

Sign up to our free newsletter.
Security news, advice, and tips.

The affected hospitals all used the Hipocrate IT platform, developed by Romanian software company RSC to manage patients’ data and track their progress from initial admission to discharge.

Affected hospitals include:

  • Azuga Orthopaedics and Traumatology Hospital
  • Băicoi City Hospital
  • Buzău County Emergency Hospital
  • C.F. Clinical Hospital no. 2 Bucharest
  • Colțea Clinical Hospital
  • Emergency County Hospital “Dr. Constantin Opriș” Baia Mare
  • Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest
  • Fundeni Clinical Institute
  • Hospital for Chronic Diseases Sf. Luca
  • Institute of Cardiovascular Diseases Timișoara
  • Medgidia Municipal Hospital
  • Medical Centre MALP SRL Moinești
  • Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta
  • Oncological Institute “Prof. Dr. Al. Trestioreanu” Institute Bucharest (IOB)
  • Pitești Emergency County Hospital
  • Regional Institute of Oncology Iasi (IRO Iasi)
  • Sighetu Marmației Municipal Hospital
  • Slobozia County Emergency Hospital
  • St. Apostol Andrei Emergency County Hospital Constanta
  • Târgoviște County Emergency Hospital

The DNSC reports that 79 more hospitals using Hipocrate have disconnected from the internet in the wake of the attack. The attack was first spotted on Saturday, February 10 at the Pitești Paediatric Hospital.

According to the DNSC, most affected hospitals have backups of the data encrypted by the ransomware, which should aid recovery. But in at least one case, the most recent backup was saved 12 days ago.

Hat-tip: Thanks to reader Gheorghe for his assistance with this…

Source…

Ukrainian hackers hack servers of Moscow Internet provider M9com as part of attack on Kyivstar – source

/in


Ukrainian hackers hack servers of Moscow Internet provider M9com as part of attack on Kyivstar – source

Hackers from the Blackjack group, allegedly related to the Security Service of Ukraine (SBU), hacked the Moscow Internet provider M9com and demolished its servers, an informed source told Interfax-Ukraine on Tuesday.

“We are talking about 20 TB of deleted data: the company’s official website, branch websites, mail server, cyber protection services, and so on. As a result, some Moscow residents were left without the Internet and television,” the agency’s interlocutor said.

Data from the company’s mail server and client databases were also posted online. Hackers called the attack on M9com a “warm-up” as part of a retaliation campaign for a hacker attack on the servers of the Ukrainian mobile operator Kyivstar.

Source…