Security News
Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about - unless, maybe, it is the security team itself that is suffering from it. It turns out that - by homing in on the user experience of security mechanisms and processes - the security team can be an ally to those whose job it is to worry about burnout across the healthcare ecosystem.
Change Healthcare is being investigated over the alleged 6 TB data theft by the ALPHV ransomware group as it continues recovery efforts. The US Department of Health and Human Services Office for Civil Rights wrote to the healthcare IT company this week informing it that a formal inquiry into its data protection practices will soon begin.
UnitedHealth Group confirmed in late February that Change Healthcare systems and services were shut down after a cyberattack by "nation-state" hackers, which was later linked to the BlackCat ransomware gang. Change Healthcare is the largest payment exchange platform used by doctors, healthcare providers, and patients in the U.S. healthcare system and by more than 70,000 pharmacies, while UHG has contracts with over 1.6 million health professionals and 8,000 healthcare facilities across all 50 U.S. states.
Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. UnitedHealth Group is the largest American health insurance company, and its subsidiary, Optum Solutions, operates the Change Healthcare platform.
Change Healthcare has taken the first steps toward a full recovery from the ransomware attack in February by bringing its electronic prescription services back online. The first step towards a full restoration of systems will be welcome news to the US healthcare system after thousands of hospitals and pharmacies reported severe disruptions following the attack in late February.
A criminal claiming to be an ALPHV/BlackCat affiliate - the gang responsible for the widely disruptive Change Healthcare ransomware infection last month - may have ties to Chinese government-backed cybercrime syndicates. "Some of our HUMINT sources with direct contact to Notchy says it's high probability that Notchy is associated with China Nation-State groups," Menlo's threat intel team said in a report Wednesday.
In this Help Net Security video, Chris Bowen, CISO at ClearDATA, emphasizes the importance of digital health companies being more transparent with their users. As more and more Americans flock to direct-to-consumer digital health apps and resources, most people don't know that the sensitive health data they share with these companies could be passed on to third parties or sold to data brokers without a single consent form.
The US government has stepped in to help hospitals and other healthcare providers affected by the Change Healthcare ransomware infection, offering more relaxed Medicare rules and urging advanced funding to providers. Change, a UnitedHealth Group-owned IT services firm, provides software to more than 70,000 American pharmacies and healthcare organizations so they can electronically process insurance claims and fill prescription orders.
ALPHV/BlackCat, the gang behind the Change Healthcare cyberattack, has received more than $22 million in Bitcoin in what might be a ransomware payment. Dmitry Smilyanets, an intelligence analyst at infosec outfit Recorded Future, spotted that a Bitcoin wallet believed to be linked to ALPHV had received 350 Bitcoins, right now worth at least $22 million, in a single transaction on March 1.
Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. The most impactful attack of 2024 so far is the attack on UnitedHealth Group's subsidiary Change Healthcare, which has had significant consequences for the US healthcare system. To make matters worse, the BlackCat ransomware operation, aka ALPHV, claims to have stolen 6TB of data from Change Healthcare during the attack, containing the personal information of millions of people.