Tag Archive for: UnitedHealth

Ransomware group Blackcat is behind cyberattack on UnitedHealth division, company says – NBC New York


  • Change Healthcare on Thursday confirmed that the ransomware group Blackcat is behind the ongoing cybersecurity attack that’s been impacting its systems since last week.
  • The attack has caused widespread disruptions to pharmacies and health systems across the U.S.
  • “We are actively working to understand the impact to members, patients and customers,” said Change Healthcare, which is owned by UnitedHealth.

Change Healthcare on Thursday confirmed that ransomware group Blackcat is behind the ongoing cybersecurity attack that’s caused widespread disruptions to pharmacies and health systems across the U.S.

“Our experts are working to address the matter and we are working closely with law enforcement and leading third-party consultants,” Change Healthcare told CNBC in a statement Thursday. “We are actively working to understand the impact to members, patients and customers.”

The company said it’s working with Mandiant, which is owned by Google, and cybersecurity software vendor Palo Alto Networks.

In a since-deleted post on the dark web, Blackcat said Wednesday that it was behind the attack on Change Healthcare’s systems. The group said it managed to extract six terabytes of data, including information like medical records, insurance records and payment information.

Change’s parent company UnitedHealth Group said it discovered that a cyber threat actor breached part of the unit’s information technology network on Feb. 21, according to a filing with the SEC. UnitedHealth isolated and disconnected the impacted systems “immediately upon detection” of the threat, the filing said, but it didn’t disclose the nature of the attack or exactly when it took place.

Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December release from the U.S. Department of Justice. Blackcat has compromised computer networks across the U.S. and the globe, amounting to hundreds of millions of dollars in losses, the release said. 

Change Healthcare offers tools for payment and revenue cycle management that help facilitate transactions like reimbursement payments. In 2022, it merged with the…

UnitedHealth blames ‘nation-state’ in hack disrupting pharmacy orders


A cyberattack against a division of UnitedHealth Group Inc. has caused a nationwide outage of a computer network that’s used to transmit data between healthcare providers and insurance companies, rendering some pharmacies unable to process prescriptions, according to the company and reports from affected organizations.

UnitedHealth found a “suspected nation-state associated cyber security threat actor” had access to subsidiary Change Healthcare’s systems Wednesday, prompting the company to disconnect them from other parties, the company said in a filing Thursday with the Securities and Exchange Commission.

UnitedHealth, the country’s largest health insurer, said in a statement Thursday that the cyberattack and related “network interruption” affected only Change Healthcare and that all its other systems are operational. Change Healthcare is a key intermediary in the $1.5-trillion U.S. health insurance market.

UnitedHealth is working with law enforcement and security experts but can’t say when the service will be restored, according to the filing. The company hasn’t determined that the attack is likely to affect its financial results, it said.

“Change Healthcare is experiencing a cybersecurity issue, and our experts are working to address the matter,” the Minnetonka, Minn.-based company said earlier in a statement on its website. “Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact.”

The incident is the latest in a series of attacks where hackers have compromised providers of back-end IT software and services — companies that are often little-known outside of their industries yet play critical roles in the normal functioning of such diverse entities as financial markets and government services — and triggered cascading disruptions across their customer bases.

Last month, for example, a ransomware attack against Tietoevry Oyj, a Finnish information technology company, crippled payroll and other services for government agencies and hospitals, retailers, cinemas and other customers throughout Sweden.

Three days later, a ransomware…

UnitedHealth Blamed ‘Nation-State’ Threat in Hack That Disrupted Pharmacy Orders


(Bloomberg) — A cyberattack against a division of UnitedHealth Group Inc. has caused a nationwide outage of a computer network that’s used to transmit data between health-care providers and insurance companies, rendering some pharmacies unable to process prescriptions, according to the company and reports from affected organizations.

UnitedHealth found a “suspected nation-state associated cyber security threat actor” had access to subsidiary Change Healthcare’s systems on Feb. 21, prompting the company to disconnect them from other parties, the company said in a filing Thursday.

UnitedHealth, the country’s largest health insurer, said in a statement Thursday that the cyberattack and related “network interruption” only impacted Change Healthcare and that all its other systems are operational. Change Healthcare is a key intermediary in the $1.5 trillion US health insurance market.

UnitedHealth is working with law enforcement and security experts but can’t say when the service will be restored, according to the filing. The company hasn’t determined that the attack is likely to affect its financial results, it said.

“Change Healthcare is experiencing a cybersecurity issue, and our experts are working to address the matter,” the Minnetonka, Minnesota-based company said earlier in a statement on its website. “Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact.”

The incident is the latest in a series of attacks where hackers have compromised providers of back-end IT software and services — companies that are often little-known outside of their industries yet play critical roles in the normal functioning of everything from financial markets to government services — and triggered cascading disruptions across their customer bases.

Last month, for example, a ransomware attack against Tietoevry Oyj, a Finnish information technology company, crippled payroll and other services for government agencies and hospitals, retailers, cinemas and other customers throughout Sweden. Three days later, a ransomware…

UnitedHealth CISO: Ransomware ‘an existential risk to the delivery of care’


As part of the HIMSS Healthcare Cybersecurity Forum virtual event December 6-7, Aimee Cardwell, the chief information security officer for the UnitedHealth Group at Optum Technology, will dig into the subject of ransomware in an educational session entitled “Ransomware: Today’s Threat Landscape.” Optum Technology is UnitedHealth Group’s IT and services subsidiary.

Ransomware continues to expose the vulnerabilities in the global network from the government to infrastructure to hospitals. In this session, Cardwell will discuss the current threat landscape and the ransomware to watch out for.

In a sneak-peek of the session, Healthcare IT News interviewed Cardwell to get her to explain the cybersecurity landscape and some of the best defenses against ransomware.

Q. What is the current threat landscape for healthcare organizations?

A. We see three major categories of threat. First, ransomware. According to the Wall Street Journal, ransomware has become the most lucrative form of malware globally, generating $350 million in 2020, while causing over $20 billion in damages and downtime over the same period.

The healthcare industry makes up 11.6% of all ransomware attacks. As an example, Ireland’s Health Service Executive is responsible for healthcare and social services across Ireland. They were attacked with ransomware that caused a shutdown of all IT systems. Eight weeks after the attack, services were still only 90% recovered.

Second, zero-day vulnerabilities. These refer to a vulnerability in a system or device that has been discovered but is not yet patched. You may recall hearing about PrintNightmare, which took advantage of a zero-day vulnerability in Microsoft’s print spooler, allowing a user on the network to gain elevated access on any system with print capability.

And third, supply chain attacks. These involve tampering with the digital infrastructure of a company’s software to install undetectable malware to bring harm to organizations further down the supply chain network. You may remember reading about Kaseya, a software provider that provides remote management monitoring, which was the victim of an attack by the REvil ransomware group over the Independence Day weekend this…
