HomeMalware & ThreatsChange Healthcare Now Has 190 Million Victims of Data Breach

Change Healthcare Now Has 190 Million Victims of Data Breach

Published on

spot_img

UnitedHealth Group, the parent company of Change Healthcare, has suffered a substantial financial blow as a result of a cyberattack that exposed protected health information of 190 million Americans. The attack, which took place in February 2024 and was carried out by a ransomware group, has now been reported to have cost the company a staggering $3.1 billion.

The revised tally of breach victims, which increased by 90 million individuals from the initial count of 100 million last July, has catapulted this incident to one of the largest data breaches of the year. Change Healthcare, a major player in healthcare payment processing, found itself at the center of this unprecedented breach that impacted a wide range of healthcare providers, insurance plans, and other organizations in the industry.

The fallout from the attack was severe, causing massive disruptions in healthcare operations across the board. Patients’ protected health information was compromised, leading to issues with insurance verification and payment processing. Mike Hamilton, the field CISO at security firm Lumifi, highlighted the damaging effects of the breach on patient care and the financial stability of hospitals and clinics.

UnitedHealth Group initially estimated the cost of the attack to be $2.5 billion, with expectations that it would reach $2.9 billion for the fiscal year. However, the actual financial impact surpassed these projections, reaching $3.1 billion by the end of 2024. The company’s full-year financial results, released on January 16, revealed the staggering cost of this security incident.

One of the key vulnerabilities that allowed the breach to occur was the lack of robust security controls, particularly the absence of multifactor authentication for remote access. Security experts pointed out that implementing MFA could have potentially thwarted the attack altogether. This oversight in security measures served as a wakeup call for organizations to prioritize cybersecurity protocols to safeguard sensitive data.

The perpetrators of the attack, identified as a Western affiliate of the Russian ransomware group ALPHV, managed to extort a $22 million cryptocurrency ransom from UnitedHealth in exchange for deleting the stolen data. However, the situation took a twist when ALPHV reneged on their promise and attempted to leverage the stolen data for further ransom demands through a newly established ransomware group called RansomHub.

In the aftermath of the breach, UnitedHealth is facing a barrage of proposed class action lawsuits from affected individuals and entities, along with the scrutiny of state attorney generals. The legal ramifications of this incident are expected to be prolonged and complex as the company navigates the fallout from one of the largest healthcare data breaches in recent memory.

Overall, the $3.1 billion cost incurred by UnitedHealth Group serves as a stark reminder of the immense financial and reputational damage that cyberattacks can inflict on organizations, especially in the healthcare sector where the stakes are exceptionally high. As the industry grapples with evolving cyber threats, proactive cybersecurity measures and rapid incident response are crucial to mitigate the impact of such devastating breaches in the future.

Source link

Latest articles

Hewlett Packard notifies employees of data breach by Russian hackers

Hewlett Packard Enterprise (HPE) has recently disclosed a cyberattack that took place in May...

Attackers conceal malicious code within Hugging Face AI model Pickle files

In the realm of machine learning (ML) models, Pickle stands out as a popular...

Ghidra 11.3 release includes new features, performance enhancements, and bug fixes

The NSA's Research Directorate recently announced the release of Ghidra 11.3, the latest version...

Google Mandiant identifies MSI flaw in Lakeside Software

A vulnerability in a Microsoft software installer developed by Lakeside Software has been discovered,...

More like this

Hewlett Packard notifies employees of data breach by Russian hackers

Hewlett Packard Enterprise (HPE) has recently disclosed a cyberattack that took place in May...

Attackers conceal malicious code within Hugging Face AI model Pickle files

In the realm of machine learning (ML) models, Pickle stands out as a popular...

Ghidra 11.3 release includes new features, performance enhancements, and bug fixes

The NSA's Research Directorate recently announced the release of Ghidra 11.3, the latest version...