💰💣⚙️

Change Healthcare Security Incident

21/02/2024 579 days ago Resolved

Incident Overview

Situation Description

Change Healthcare, a division of Optum and subsidiary of UnitedHealth Group, experienced a cyberattack on February 21, 2024, which compromised customer data and disrupted operations, affecting a significant portion of U.S. medical transactions.

Event Types

Ransomware Malware / Destructive Attack Technical Failure / Outage

Industry Sector

Healthcare

Geographic Scope

National (US)

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Fulfilled Formal Breach Disclosure Obligations Notified Affected Individuals & Entities Offered Post-Breach Remediation Services Managed Public Narrative & Crisis Communications

Impact Analysis

Event Types (3 identified)

Ransomware Malware / Destructive Attack Technical Failure / Outage

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PHI (Protected Health Information)

Primary Impacts

Operational Disruption Financial Loss Data Exposure Reputational Damage Legal/Regulatory Penalties

Key Decisions Made

Change Healthcare initiated a shutdown of systems and services to contain the attack and prevent further spreading of the ransomware.; Optum established a Temporary Funding Assistance Program to assist medical practices unable to meet their weekly shortfall.; The Department of Health and Human Services (DHHS) issued a letter stating that the Office for Civil Rights (OCR) would be opening an investigation into the incident.

Technical Analysis

Attack Method

Unpatched Vulnerability

Threat Actor Attribution

BlackCat

Vulnerability / Tool

ConnectWise

Additional Information

Skip to site content Articles Managing Vendor Risk: Lessons Learned After the Change Healthcare Breach Back to all articles The healthcare sector was dealt another blow on February 21, 2024, when Change Healthcare, a division of Optum and a subsidiary of UnitedHealth Group Incorporated, fell victim to a cyberattack. The company disclosed that the attack compromised customer data and disrupted operations, leading to a shutdown of customer-facing services. This interruption had a significant ripple effect, affecting an estimated one-third of all medical transactions in the U.S. [1] , highlighting the critical role Change Healthcare plays in the nations healthcare infrastructure. Many medical practices were unable to process claims, verify insurance eligibility, access patient records, and conduct routine billing. As a result, the disruption caused lost income and forced some offices to temporarily close. This incident raises many questions regarding Change Healthcares security practices and how an organization can protect itself from the same fate. This article highlights a crucial lesson about the risks of vendor dependency in the healthcare sector. What Happened Change Healthcare fell victim to a Russian-linked hacking group named BlackCat known for its expertise in ransomware attacks. The group exploited a vulnerability in a product called ConnectWise to infiltrate Change Healthcare's systems. Upon gaining access, they exfiltrated 6 terabytes of data containing protected health information (PHI) then launched a ransomware attack locking the company out of their systems [2] . Immediately following the detection of the incident, Change Healthcare initiated a shutdown of systems and services to contain the attack and prevent further spreading of the ransomware. The result of the massive shutdown left healthcare organizations helpless as they lost access to Change Healthcare services upon which they depended. Furthermore, these organizations were left in the dark...

... (truncated for display)

Quick Facts

Company:: Change Healthcare
Date:: 21/02/2024
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 2024-05

Source Information

Original Query

UnitedHealth "Change Healthcare" ransomware attack "third-party" impact response

View Original Source

Timeline

Information Published

2024-05

Incident Occurred

21/02/2024 (579 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats