menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Crime News

>

How the ra...
source image

TechCrunch

7d

read

273

img
dot

Image Credit: TechCrunch

How the ransomware attack at Change Healthcare went down: A timeline

  • A ransomware attack in February on US health tech company Change Healthcare affected at least 100m people, making it one of the largest data breaches of US health and medical data in history.
  • The company processes billing and insurance for hundreds of thousands of medical practices, pharmacies, and hospitals in the US healthcare sector, handling between one-third and one-half of all US health transactions.
  • The hackers broke into the company's system on or around February 12, with Change Healthcare only confirming that a cyber attack was the cause of the outage eight days later.
  • UnitedHealth later confirmed that a Russian-speaking ransomware gang, ALPHV/BlackCat, was behind the attack, with the gang itself also publishing evidence on the dark web.
  • In early March, the gang vanished after a $22m ransom payment, leaving the data behind to form a new extortion racket called RansomHub in April.
  • As of October 24, UnitedHealth confirmed the breach affected over 100m people, while a lawsuit by Nebraska revealed new details of the hack, suggesting the number could rise further.
  • CEO Andrew Witty later admitted that a user account was hacked with a single password that was not protected by multi-factor authentication.
  • Change Healthcare started notifying affected individuals in late June through a law requiring mandatory notice, while the US government upped its bounty to $10m for information on the gang’s location.
  • Affected healthcare providers can also request UnitedHealth notify their patients, while the incident remains one of the biggest data breaches of sensitive US health data.
  • UnitedHealth said the hackers stole sensitive information, including medical data, health information, diagnoses, payment information, test results, imaging, care plans, treatment plans and other personal information.

Read Full Article

like

16 Likes

For uninterrupted reading, download the app