Change Healthcare: US population informed about data leak
Following a cyberattack in February, Change Healthcare informs its customers about a data leak that could affect a large part of the US population.

Change Healthcare, a major healthcare IT and health insurance provider in the US, has been notifying its customers of a data leak since June 20. The notification informs doctors, pharmacies, healthcare providers and patients about the incident, which potentially affects a large part of the US population. The company is currently investigating which customers' data is affected. Those affected are to be informed by letter from the end of July.
Although it is unclear how many people are affected, Change Healthcare assumes that a "significant proportion of people in America" have been affected. The published data may include names, addresses, dates of birth, insurance details, payment information, social security numbers and other sensitive information. For some patients, medical information such as diagnoses, medication taken, test results, and imaging, care and treatment data is also affected. The company emphasizes that only part of the data has been published: "To date, we have not seen complete medical histories in the data review", the statement reads.
In February, Change Healthcare discovered a ransomware attack on the company's infrastructure. The attack caused massive system failures, which also affected healthcare provision. The ransomware group AlphV was probably behind the attack. As the incident unfolded, Change Healthcare paid a ransom of 22 million US dollars in Bitcoin to AlphV, but was also listed on the leak site of the ransomware group RansomHub.
Server not secured via multifactor authentication
Weeks ago, Change Healthcare confirmed in court that it had paid a ransom to the cybercriminals. In a hearing before the US Senate, the CEO of UnitedHealth, Andrew Witty, stated that the attackers had gained entry via a server that was not protected by multifactor authentication. This allowed the attackers to access the Citrix application used for remote access to Change Healthcare's systems.
After the takeover of Change Healthcare by UnitedHealth in 2022, the systems first had to be brought up to date, says Witty. It is therefore possible that appropriate security measures are not active everywhere. However, Witty affirmed that all employees are required to activate multifactor authentication. He was unable to say why the attackers were able to operate unnoticed in the systems for a week - the exact circumstances are still being investigated.
15 billion annual transactions
According to Change Healthcare, it processes around 15 billion transactions per year and has access to one in three patient records in the USA. The cyberattack, which is said to have cost one billion US dollars in the first quarter of 2024 alone, has already caused considerable disruption: pharmacies in the USA, for example, have been struggling with IT problems since February. US military hospitals worldwide are also affected.
Protective measures
Anyone who may be affected will receive two years of free identity protection and credit monitoring from Change Healthcare. In addition, those who may be affected should check their bank statements carefully and report any suspicious activity. Change Healthcare is working "around the clock" with cybersecurity experts and law enforcement agencies to investigate the incident. Change Healthcare has also set up a hotline.
(mack)