Literature Review

Hackers behind Change Healthcare breach get $22M  Becker's Health IT, by Laura Dyrda; 3/5/24The cybercriminal organization responsible for hacking UnitedHealth Group's Change Healthcare has received a multimillion dollar payment in bitcoins, according to Reuters.UnitedHealth Group said Change was hit by BlackCat ransomware group Feb. 21, forcing its systems offline. The claims processing and revenue cycle management platform is still working to restore functionality, and asked health systems to use alternative methods for claims processing while its systems are down. BlackCat claimed it stole 6 terabytes of data from Change, including medical records and Social Security numbers. 

Change Healthcare outage: AHA slams UnitedHealth funding program Modern Healthcare - Cybersecurity, by Lauren Berryman; 3/4/2024The American Hospital Association slammed UnitedHealth Group's offer of financial assistance for some healthcare providers in the wake of the cyberattack on Change Healthcare and called on Congress for assistance. AHA President and CEO Richard Pollack said Change Healthcare parent company UnitedHealth Group's temporary loan program misses the mark in a letter sent Monday to UnitedHealth Group President and Chief Operating Officer Dirk McMahon. Pollack criticized the initiative for what he described as its limited eligibility criteria and unfair contract terms and conditions.

Change Healthcare's temporary funding program 'not even a Band-Aid,' AHA says Becker's Health IT, by Giles Bruce; 3/4/24 The American Hospital Association called Change Healthcare's temporary funding program for providers affected by the cyberattack on the UnitedHealth Group subsidiary inadequate, while a U.S. Senate leader asked CMS to speed up payments to hospitals. Change Healthcare set up the funding assistance March 1 for providers facing cash-flow issues after losing access to its payer systems, which have been down since the Feb. 21 ransomware attack. However, AHA President and CEO Rick Pollack wrote in a March 4 letter to UnitedHealth Group that the program is "not even a Band-Aid on the payment problems you identify."

The ransomware groups targeting healthcare Becker's Health IT, by Naomi Diaz; 2/29/24Russia-based ransomware gang ALPHV/Blackcat, aka BlackCat, has made headlines due to its attack on Change Healthcare, but the group has been targeting healthcare for a while. "This group in particular has been very aggressive targeting healthcare and has been responsible for numerous high-impact attacks," John Riggi, the American Hospital Association's national adviser for cybersecurity and risk, told Becker's. BlackCat, which uses a ransomware-as-a-service model, is known as the "second most prolific ransomware-as-a-service variant in the world," according to the Justice Department.

Ransomware gang behind Change Healthcare attack: ReportBecker's Health IT, by Naomi Diaz; 2/26/24The BlackCat ransomware gang is claiming responsibility for an attack on Change Healthcare, TheRegister reported Feb. 26. Two people familiar with the matter told news outlet Reuters that BlackCat, which operates as a ransomware-as-a-service group, was behind the Feb. 21 cybersecurity incident on Change Healthcare. ... A Feb. 26 update on Optum's website indicates that the Change Healthcare incident, which has disrupted the organization's payment and pharmacy processing operations, is still ongoing. 

UnitedHealth unplugs change healthcare information systems to contain cyber attackManaged Healthcare Executive, by Peter Wehrwein; 2/23/24UnitedHealth Group disconnected Change Healthcare's information system to contain a cyberattack that the company says is from an unnamed “nation-state associated cyber security threat actor.”

Healthcare data breaches hit new highs in 2023Modern Healthcare, by Tim Broderick; 1/25/24A record 133 million individuals were impacted by healthcare data breaches. Imagine after purchasing a car the salesperson slaps the hood and says there's a 40% chance in the coming year that an unauthorized person will gain access to it or just outright steal the car.Full access to article requires a subscription  

How can hospitals prepare for 2024’s cyberthreats?MedCity News, by Katie Adams; 12/27/23Many hospitals remain underprepared to protect themselves against cybercriminals’ barrage of increasingly sophisticated attacks, but there are a couple concrete steps they can take to build a stronger defense structure — like virtual patching and thinking twice about moving to the cloud.

Ohio hospital, vendor hit with class action suit after data breachHealthcare DiveDecember 22, 2023A nonprofit hospital in Ohio and a medical transcription services company are facing a class action lawsuit after a data breach at the vendor earlier this year may have exposed personal and health information of nearly nine million people. The suit, filed this week in a district court in Ohio, alleges Salem Community Hospital and Perry Johnson & Associates, or PJ&A, waited six months to inform people who could have been affected by the breach, leaving patients vulnerable to identify theft. 

Norton Healthcare ransomware attack exposes 2.5M peopleHealthcare DiveDecember 11, 2023Norton Healthcare said sensitive data on 2.5 million people was exposed by a ransomware attack in May, the clinic and hospital group said Friday in a data breach notification filed with Maine’s attorney general. Norton Healthcare discovered the cyberattack on May 9, which it later determined was ransomware. The threat actors had access to some network storage devices between May 7–9, but the healthcare group’s medical record system was not compromised, the company said in the filing. An investigation into the attack, which was completed in mid-November, determined names, contact information, Social Security numbers, dates of birth, health and insurance information, and medical ID numbers were compromised. .... [Kentucky-based] Norton Healthcare said it did not make a ransom payment and has not detected any additional indicators of compromise since it began restoring its systems from backups on May 10. The delayed disclosure, seven months after the intrusion was detected, underscores the complicated nature of post-incident investigations. 

Dameron Hospital in Stockton hit by cyberattackKCRA-TV (Sacramento, CA)December 5, 2023Stockton, CA—Dameron Hospital in Stockton said it is investigating a cyberattack that has forced some patients to reschedule their procedures. The hospital said in a statement Tuesday that “patient care operations are functioning normally,” which includes its emergency department. The hospital described the issue as a “data security incident that has impacted certain systems on our network.” It did not say when the attack happened or describe which systems may have been compromised.