UnitedHealth officially announced that threat actors stole the healthcare records of over 100 million individuals during a ransomware attack on its subsidiary, Change Healthcare. The incident is now considered one of the most significant breaches against the healthcare sector.
The breach occurred in February 2024 and was orchestrated by the infamous BlackCat ransomware gang. The cybercrime syndicate also operated under the moniker ALPHV.
During the attack, threat actors leveraged stolen credentials to infiltrate the company’s network through a vulnerable remote access service that lacked multi-factor authentication (MFA).
Once inside, perpetrators exfiltrated over 6 terabytes of sensitive data before encrypting the company’s systems, leading to widespread disruption across the US healthcare sector.
The aftermath of the security incident is significant; during a congressional hearing in May, UnitedHealth CEO Andrew Witty stated that the attack exposed “maybe a third” of all Americans’ health data. Change Healthcare issued a separate statement acknowledging that threat actors exfiltrated a “substantial quantity of data,” but without providing any precise figures.
As of October 22, the US Department of Health cleared the air with an update on its breach portal, confirming that the incident impacted 100 million individuals, the first official figure to come from UnitedHealth.
Perpetrators exposed a plethora of deeply personal details during the breach. According to Change Healthcare’s notification, stolen information includes:
It’s worth mentioning that the exact details stolen vary from one individual to another. Furthermore, not all victims had their entire medical history exposed.
BlackCat, the ransomware group that orchestrated the attack, demanded a ransom payment in exchange for a decryptor and the deletion of stolen data. Reportedly, UnitedHealth complied and issued the attackers a $22 million payment. However, the perpetrators suddenly pulled an exit scam, disappearing without a trace and leaving the company without any assurance that the stolen data had been deleted.
Subsequently, a former BlackCat affiliate claimed they still possessed Change Healthcare data, demanding additional ransom under a new malicious operation dubbed RansomHub.
Threat actors steadily leaked fragments of the stolen data on the RansomHub website. However, the data suddenly vanished from the ransomware platform, sparking theories that UnitedHealth may have folded a second time and paid a ransom to prevent further exposure.
Unfortunately, data breaches often occur regardless of companies' defense strategies against cyber attacks. Furthermore, customers or, in this case, patients of affected entities have no control over these unfortunate security incidents.
However, being prepared in the event disaster strikes is crucial in today's cyber landscape. Dedicated services like Bitdefender's Digital Identity Protection can help you stay one step ahead of attackers by always knowing what happens to your online data.
It features a comprehensive overview of your online data, including traces from services you no longer use, notifies you instantly if your data has been leaked in a breach, and provides quick, 1-click actions to patch holes in your digital footprint.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.