Published: April 19, 2024

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

Featured Cyber Incident — Change Healthcare Ransomware Attack

As disclosed on February 21, 2024, Change Healthcare, a leading healthcare technology company, was hit by a ransomware attack. The incident dealt a significant blow to the healthcare system, impacting millions of Americans who rely on its services.

Change Healthcare, a subsidiary of UnitedHealth Group (UHG), plays a pivotal role in the healthcare industry by processing billions of claims annually and facilitating the billing, payment, and revenue management for healthcare providers. This cyberattack forced UHG to disconnect numerous services and engage with law enforcement and cybersecurity firms to contain and remediate the threat.

How It Happened

The cyberattack occurred when the BlackCat/AlphV ransomware group gained unauthorized access to Change Healthcare’s network and encrypted vital data. Although some security researchers observed significant transactions directed to a Bitcoin account affiliated with BlackCat/AlphV, UHG has not confirmed payment of the demanded $22 million ransom as of today.

While specific details have not been publicly disclosed, it is believed that the attackers exploited vulnerabilities in the network infrastructure. This emphasizes the importance of comprehensive assessments of network infrastructure security to identify and address vulnerabilities proactively.

Lessons Learned

This cyber incident highlights the critical need for robust cybersecurity measures and comprehensive business continuity planning in the face of unexpected emergencies. Key lessons from the incident include:

  1. Enhanced Access Management: Enforce user identity and access management to prevent unauthorized access to critical systems, through controls such as least privilege and multi-factor authentication (MFA).
  2. Employee Training and Awareness: Educate and train employees on cybersecurity best practices so that they can recognize and respond effectively to suspicious activities within the systems.
  3. Business Continuity Planning: Develop and maintain a business continuity plan to ensure that the organization is ready to respond to unexpected emergencies, such as cyberattacks. This plan should outline procedures for restoring critical systems, maintaining operations, and communicating with stakeholders during a crisis.

Summary

By prioritizing user identity and access management, employee training, and business continuity planning, organizations can strengthen cybersecurity defenses against cyber threats while ensuring that they are well-prepared to respond to unexpected emergencies.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving threats. We recommend you leverage a managed security service provider (MSSP) and also consider becoming an NCSS member to access a wide range of our services. We have partners who can help. For more information, visit our Small Business page.

 

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(c)(3) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.