💰💣

Change Healthcare Security Incident

2022 1360 days ago Resolved

Incident Overview

Situation Description

The Health Sector Cybersecurity Coordination Center (HC3) issued an alert regarding a cybercrime group, Scattered Spider, targeting the healthcare sector with ransomware and AI-driven social engineering tactics.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Healthcare

Geographic Scope

Global

Response Actions

Shared Threat Intelligence Enhanced Third-Party & Supply Chain Risk Management

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Financial Data (Credit Cards, Bank Accounts) Operational / System Data

Primary Impacts

Operational Disruption Financial Loss Data Exposure

Key Decisions Made

HC3 published a sector alert to advise on mitigations against threat actors targeting various sectors.; FS-ISAC recommended engaging in or building a brand protection service that monitors in real-time for domain registrations impersonating a brand.; The U.S. Department of Justice claimed to have seized the ALPHV/BlackCat ransomware gang's infrastructure.

Technical Analysis

Attack Method

Social Engineering

Threat Actor Attribution

Scattered Spider Octo Tempest UNC3944 ALPHV/BlackCat

Vulnerability / Tool

AnyDesk ConnectWise Controller LogMeIn Teamviewer Mimikatz secret dump

Additional Information

The agency warns that a Western organized cybercrime group may be targeting healthcare data by leveraging ransomware variants and AI tools that exploit advanced social engineering. Global Privacy & Security By Andrea Fox , Senior Editor | October 29, 2024 | 11:51 AM Image: Andrew Neel/Pexels The Health Sector Cybersecurity Coordination Center has published a sector alert to advise on mitigations to defend against U.S. and U.K.-based threat actors who initially targeted companies involved in customer relationship management, business-process outsourcing and technology in 2022 and shifted to gaming, hospitality, retail, manufacturing and financial sectors. Scattered Spider, also known by other names, such as Octo Tempest, has become known for its advanced social engineering techniques, including voice phishing using artificial intelligence to spoof victims voices and SIM swapping to obtain initial access to targeted organizations. WHY IT MATTERS According to a revised threat actor profile released by the Healthcare HC3 on October 24, Scattered Spider operatives engage in data extortion and often evade detection by living off the land and modifying their tactics, techniques and procedures. These threat actors have leveraged various remote monitoring and management tools, used multiple information stealers and then deployed various ransomware to victim environments chiefly for financial gain. The agency links to specific mitigation and control measures that it said health systems should familiarize themselves with. These include the mitigations global financial institutions have implemented in response to Scattered Spider activities compiled by the Financial Services Information Sharing and Analysis Center, joint recommendations the Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency offered last year, and others. Updated information from the previous CISA advisory in HC3's new alert of the group's arsenal lists 23 legitimate...

... (truncated for display)

Quick Facts

Company:: Change Healthcare
Date:: 2022
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 29/10/2024

Source Information

Original Query

DOJ indictment details for Scattered Spider members and tactics

View Original Source

Timeline

Information Published

29/10/2024

Incident Occurred

2022 (1360 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats