Why UnitedHealth, Change Healthcare Were Targeted by Ransomware Hackers, and More Cybercrimes Will Hit Patients and Doctors

Signage for the health insurance company UnitedHealthcare (UHC) is shown on an office building in Phoenix, Arizona on July 19, 2023.

Patrick T. Fallon | Afp | Getty Images

The ransomware attack on UnitedHealth’s Change Healthcare subsidiary last month not only highlighted how attractive the data-rich U.S. healthcare industry is to hackers and the devastating consequences for patients and doctors, but also how sophisticated cybercriminals are becoming when targeting vulnerable people. sectors

The breach, which occurred more than three weeks ago, prompted the U.S. Department of Health and Human Services this week to launch an investigation into UnitedHealth. In a statement, the HHS Office for Civil Rights said it is investigating the cyber attack because of its “unprecedented magnitude.”

Change Healthcare is the largest clearinghouse for insurance billing and payments in the US

Since the Feb. 21 attack, the thousands of doctors, hospitals and other healthcare providers who rely on Change Healthcare for billing reimbursements have not been paid as the company works to bring its systems back online.

UnitedHealth told CNBC in a statement that it will cooperate with the OCR’s investigation. “Our immediate focus is to restore our systems, protect data and support those whose data may have been affected,” the company said. “We are working with law enforcement to investigate the extent of the data affected.”

The breach is certainly a nightmare for healthcare providers who say they are running out of cash to run their practices while they wait for payments from Change Healthcare, as well as for consumers who are seeing delays in getting approved recipes or procedures.

But it also underscores a much bigger problem: the vulnerability of America’s entire health care sector.

Chasing companies that will pay

Sumedh Thakar, CEO of cybersecurity firm Qualys, said that while the digitization of the U.S. healthcare system has advanced patient care, it has also increased the need to better understand and protect against each new cyber threat

“Why are hackers going after health care? Because they’re looking at organizations that are more likely to be afraid and therefore will pay,” he said.

The reason for this is because data is very valuable. Cybersecurity researcher Jeremiah Fowler said on the dark web that medical records sell for $60 compared to $15 for a Social Security number and $3 for a credit card. Added to this is the fact that there is a chronic shortage of staff and, as the Change Healthcare ruckus has shown, there is enormous pressure to restore access quickly.

“The health care data being exposed is far worse than most other data and the bad guys know it,” Thakar said.

Complicating the equation is the fact that many cybercriminals now operate like the companies they’re after, including Blackcat, the group claiming responsibility for the Change Healthcare hack. Far from basement tag gangs, these “ransomware-as-a-service” groups “operate in an affiliate model where the operational work is done by a vast network of threat actors,” explained Nicole Eagan, head of Strategy and AI Officer. at cybersecurity firm Darktrace.

Typically, he said, this involves a core group of developers who sell or lease their “RaaS” tools to affiliated operators who then operate businesses. Affiliates often receive a percentage of the ransom paid by the victim.

Ransomware as a service

The fact that this “as-a-service” model has grown in popularity over the past few years, compared to more traditional single-strain ransomware models, Eagan said, lowers the barrier to entry for bad guys and allows them to target to vulnerable sectors. like healthcare without having to develop your own ransomware.

The growth of this market also means that bad guys don’t have to rely solely on ransomware payments to make money. They are using “subscription models to return revenue for their ransomware development and deployment,” Eagan said.

This development is likely to lead to more sophisticated and advanced extortion methods. For example, instead of relying solely on encrypting a company’s data to get a ransom, Eagan said he expects hackers to use double or even triple extortion strategies, encrypting sensitive data but also threatening to leak or sell stolen data unless their ransom demands are met.

With so much going on, Thakar said the cybersecurity landscape remains a cat-and-mouse game: “Companies come up with a better way to defend themselves, the bad guys figure out another way to go after companies.”

Ultimately, security leaders need to find out whether the money they spend on cybersecurity tools and solutions is actually reducing their risk levels. “Whether it’s in healthcare or any other industry, this is what security leaders need to explain to the board and their CFO,” he said.

Fowler said a shift in thinking is needed for healthcare executives looking at an ever-growing threat landscape. “I would say to a healthcare leader, ‘Your primary goal is to provide the best care and service to patients and customers, but your data is only as valuable as the service you’re providing. Invest in protecting it as best you can.” ‘”

The Department of Health and Human Services opens an investigation into hacking at UnitedHealths Change Healthcare

#UnitedHealth #Change #Healthcare #Targeted #Ransomware #Hackers #Cybercrimes #Hit #Patients #Doctors
Image Source : www.cnbc.com

Leave a Comment