It’s not often a cyberattack affects a substantial portion of Americans. In early 2024, UnitedHealth Group confirmed a ransomware attack on its subsidiary, Change Healthcare, resulting in a significant theft of Americans’ private healthcare data. The attack compromised files containing personal and protected health information. A new hacking group, RansomHub, began publishing portions of the stolen data, aiming to extort further ransom from the company.
How The Cyberattack Happened
A ransomware group gained unauthorized access to Change Healthcare’s network by utilizing stolen credentials for a remote access system. The intruders operated within the network for over a week undetected, then executed a ransomware attack. This enabled them to siphon a substantial volume of data from the company’s infrastructure.
The cyberattack triggered widespread disruptions in pharmacies and hospitals across the United States. For an extended period, healthcare professionals encountered difficulties in verifying patient benefits, dispensing medications, and processing necessary authorizations for medical procedures. Two months after the cyberattack, pharmacy services returned to near-normal levels, according to UnitedHealth.
“We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,” said Andrew Witty, chief executive officer of UnitedHealth Group.
As of mid-April, the cyberattack cost UnitedHealth more than $870 million in losses. The impact was so wide-reaching and disruptive, the Biden administration launched an investigation into the attack.
Issues Highlight Needed Guardrails
Two major issues led to the ransomware attack. First, multifactor authentication protocols were not enabled on the application that was hacked, a person familiar with the investigation told the Wall Street Journal. Multifactor authentication (MFA) provides an added layer of security and can help prevent bad actors from gaining access to a platform. The average user is accustomed to MFA, usually through text message codes or access tokens.
The second issue involved the ransomware group working undetected for a week before carrying out the attack. While the investigation is still under way, it’s alarming for any organization to realize hackers can quietly roam through its network. The good news – companies can learn lessons from this attack and ensure it has guardrails in place to reduce its risk and keep intruders out.
Secuvy Solutions To Prevent Cyberattacks
Secuvy offers comprehensive cybersecurity solutions aimed at preventing cyberattacks on organizations. Our self-learning AI platform is proactive – not reactive. It reduces risk by discovering, and classifying sensitive data while detecting anomalous patterns and potential threats that human oversight might miss. Secuvy delivers a 360° continuous data visibility with 99+% accuracy at 4 times the performance of the current leading data discovery offerings – with a savings of up to 90% of the current costs.
Through advanced threat detection and prevention mechanisms, Secuvy employs state-of-the-art technologies to safeguard sensitive data and infrastructure from malicious actors. By conducting regular vulnerability assessments and penetration testing, Secuvy identifies potential weak points in an organization’s network and implements robust security measures to mitigate risks effectively. Additionally, Secuvy can help empower your staff to recognize and respond to potential threats proactively.
What Secuvy Offers
We can show you how:
- To discover & classify ALL sensitive personal data including unstructured and SaaS on a single platform
- To quantify your exposure risk
- To build an inventory of your sensitive data
- To map your data flows and get visibility into data linkages
- To automate processing DSR requests including data retention/deletion across endless data silos
- To build and manage policies to protect personal data access and comply with global privacy laws
Contact us today to schedule a demo and take the next steps in fortifying your organization’s cyber security.
