Lessons Learned From Massive Healthcare Cyberattack

It’s not often a cyberattack affects a substantial portion of Americans. In early 2024, UnitedHealth Group confirmed a ransomware attack on its subsidiary, Change Healthcare, resulting in a significant theft of Americans’ private healthcare data. The attack compromised files containing personal and protected health information. A new hacking group, RansomHub, began publishing portions of the stolen data, aiming to extort further ransom from the company.

How The Cyberattack Happened

A ransomware group gained unauthorized access to Change Healthcare’s network by utilizing stolen credentials for a remote access system. The intruders operated within the network for over a week undetected, then executed a ransomware attack. This enabled them to siphon a substantial volume of data from the company’s infrastructure.

The cyberattack triggered widespread disruptions in pharmacies and hospitals across the United States. For an extended period, healthcare professionals encountered difficulties in verifying patient benefits, dispensing medications, and processing necessary authorizations for medical procedures. Two months after the cyberattack, pharmacy services returned to near-normal levels, according to UnitedHealth.

“We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,” said Andrew Witty, chief executive officer of UnitedHealth Group.

As of mid-April, the cyberattack cost UnitedHealth more than $870 million in losses. The impact was so wide-reaching and disruptive, the Biden administration launched an investigation into the attack.

Issues Highlight Needed Guardrails

Two major issues led to the ransomware attack. First, multifactor authentication protocols were not enabled on the application that was hacked, a person familiar with the investigation told the Wall Street Journal. Multifactor authentication (MFA) provides an added layer of security and can help prevent bad actors from gaining access to a platform. The average user is accustomed to MFA, usually through text message codes or access tokens.

The second issue involved the ransomware group working undetected for a week before carrying out the attack. While the investigation is still under way, it’s alarming for any organization to realize hackers can quietly roam through its network. The good news – companies can learn lessons from this attack and ensure it has guardrails in place to reduce its risk and keep intruders out.

Secuvy Solutions To Prevent Cyberattacks

Secuvy offers comprehensive cybersecurity solutions aimed at preventing cyberattacks on organizations. Our self-learning AI platform is proactive – not reactive. It reduces risk by discovering, and classifying sensitive data while detecting anomalous patterns and potential threats that human oversight might miss. Secuvy delivers a 360° continuous data visibility with 99+% accuracy at 4 times the performance of the current leading data discovery offerings – with a savings of up to 90% of the current costs.

Through advanced threat detection and prevention mechanisms, Secuvy employs state-of-the-art technologies to safeguard sensitive data and infrastructure from malicious actors. By conducting regular vulnerability assessments and penetration testing, Secuvy identifies potential weak points in an organization’s network and implements robust security measures to mitigate risks effectively. Additionally, Secuvy can help empower your staff to recognize and respond to potential threats proactively.

What Secuvy Offers

We can show you how:

To discover & classify ALL sensitive personal data including unstructured and SaaS on a single platform
To quantify your exposure risk
To build an inventory of your sensitive data
To map your data flows and get visibility into data linkages
To automate processing DSR requests including data retention/deletion across endless data silos
To build and manage policies to protect personal data access and comply with global privacy laws

Related Blogs

November 15, 2024

Best Practices for Data Classification in ISO 42001 Compliance

Using Data Classification for Effective Compliance When working toward ISO 42001 compliance, data classification is essential, particularly for organizations handling

November 12, 2024

Getting Started with Data Classification for ISO 42001 Compliance: A How-To Guide

Laying the Groundwork for ISO 42001 Compliance Starting the journey toward ISO 42001 compliance can seem complex, but with a

November 7, 2024

A Comprehensive Guide To Data Subject Access Request (DSARs)

A Data Subject Access Request (DSAR) is the means by which a consumer can make a written request to enterprises

Best Practices for Data Classification in ISO 42001 Compliance

November 15, 2024

Using Data Classification for Effective Compliance When working toward ISO 42001 compliance, data classification is essential, particularly for organizations handling large amounts of data. Following certain best practices can streamline

Getting Started with Data Classification for ISO 42001 Compliance: A How-To Guide

November 12, 2024

Laying the Groundwork for ISO 42001 Compliance Starting the journey toward ISO 42001 compliance can seem complex, but with a strategic approach, companies can lay a strong foundation. Here’s a

A Comprehensive Guide To Data Subject Access Request (DSARs)

November 7, 2024

A Data Subject Access Request (DSAR) is the means by which a consumer can make a written request to enterprises to access any personal data they hold on them. By

Vendor Risk Management: What is It, Why is It Important, and More

November 7, 2024

VRM deals with managing and considering risks commencing from any third-party vendors and suppliers of IT services and products. Vendor risk management programs are involved with making sure that any

All About Data Discovery Tools -Characteristics And Evaluation

October 30, 2024

With organizations storing years of data in multiple databases, governance of sensitive data is a major cause of concern. Data sprawls are hard to manage and increase an organization’s risk

CPRA vs CCPA: What You Need to Know About the Replacement of CCPA in 2023

October 30, 2024

In 2023, the California Privacy Rights Act (CPRA) will supersede the California Consumer Privacy Act (CCPA), bringing with it a number of changes that businesses need to be aware of.

Mastering EU AI Act Compliance Through AI-Driven Data Classification Methods

October 9, 2024

For years, tech companies have developed AI systems with minimal oversight. While artificial intelligence itself isn’t inherently harmful, the lack of clarity around how these systems make decisions has left

Understanding AI Compliance: Key Insights for Businesses

September 25, 2024

Navigating the Shift in AI Compliance Regulations The latest revisions in the Justice Department’s corporate compliance guidelines signal a significant shift for companies that rely on AI technologies. Secuvy’s dedication

Role of Data in Ensuring Data Security

September 18, 2024

Introduction The threat landscape around data security evolves each year due to factors like a lack of robust security measures, improper data handling, and increasingly sophisticated cyberattacks. With data growing

New GDPR Report Highlights Rising Enforcement and Data Protection Hurdles

August 9, 2024

On July 25, 2024, the European Commission released its Second Report on the Application of the General Data Protection Regulation (GDPR), offering an in-depth look into the evolving landscape of

Unlocking the Potential of AI with Data Governance, Security, and Compliance

August 6, 2024

In today’s fast-paced technological landscape, the intersection of AI, data security, and compliance has become a focal point for enterprises aiming to leverage AI’s capabilities while safeguarding sensitive information. Understanding

Ensure Data Privacy and Fair Decision-making with AI Data Governance

July 16, 2024

Today Artificial Intelligence (AI) is a part of our day-to-day activities, and knowingly or unknowingly, it impacts our actions and decision-making. With the growing use of AI in almost all

AI Executive Order and AI Data Governance

A Letter from the CEO: Executive Actions on Artificial Intelligence

July 3, 2024

Single platform, privacy-driven security is the future To our colleagues in the data privacy and security space, Over the past few months, I’ve been asked about the White House’s executive

Practical tips for CTOs to handle privacy risks and comply with evolving data laws

July 3, 2024

Growing concerns over data breaches have led to a flurry of data regulations around the world that are aimed at protecting sensitive information about individuals. Through these data laws, organizations

Lessons Learned From Massive Healthcare Cyberattack

May 13, 2024

Inventorize personal information with data mapping and meet compliance requirements

May 8, 2024

Inventorize personal information with data mapping and meet compliance requirements Organizations have numerous data sources spread across their IT landscape, which they use to collect, store, and process their customers’s

Understanding Washington Health Law: My Health My Data Act aimed at Data Privacy

May 2, 2024

The State of Washington passed the My Health My Data Act (MHMDA), which is a groundbreaking data privacy law focused on protecting personal health data. This Washington health law empowers

CPRA compliance checklist for businesses

Essential CPRA Compliance Checklist: Ensuring Business Adherence to California’s Data Privacy Regulation

April 15, 2024

Essential CPRA Compliance Checklist: Ensuring Business Adherence to California’s Data Privacy Regulation The residents of California have a legal right to know what personal information is collected by companies following

Large Language Models (LLMs), Data Privacy and Security: What you Need to Know

April 2, 2024

What inspired the rise of LLMs and why now? We have witnessed the remarkable rise of generative AI, powered by vast amounts of pre-trained data within large language models (LLMs).

A Structured Explanation of Unstructured Data

February 13, 2024

A Structured Explanation of Unstructured Data To corporate Privacy teams, the term “unstructured data” is frequently thrown around. Yet truly understanding what it means, and therefore knowing its implications and

Unlock the Power of AI for Data Privacy Observability

February 7, 2024

In today’s data-driven world, where privacy concerns loom large and regulations become increasingly enforced, Privacy teams face the formidable task of safeguarding their organization’s sensitive information while ensuring compliance with

AI Data Governance for Fair Decision-making

February 4, 2024

AI Data Governance for Fair Decision-making Today Artificial Intelligence (AI) is a part of our day-to-day activities, and knowingly or unknowingly, it impacts our actions and decision-making. With the growing

2023 Data Security Breaches: The Top 10 List You DON’T Want to Be On

January 23, 2024

Organizations faced costly consequences from cyberattacks As we navigate the ever-evolving landscape of cybersecurity threats, the year 2023 has witnessed a series of high-profile data security breaches that have left

Understanding what is CPRA’s Do Not Sell or Share my Personal Information

January 4, 2024

Understanding what is CPRA’s Do Not Sell or Share my Personal Information To protect the privacy of California residents, the state of California introduced the California Consumer Privacy Act (CCPA)

Navigating New SEC Rules: The Ultimate Playbook for CISOs

December 27, 2023

In a significant development, the Securities and Exchange Commission (SEC) implemented new rules effective December 2023, aimed at enhancing transparency and consistency in the disclosure of cybersecurity incidents by registrants.

Why Security Teams Need Contextual Data Discovery

December 23, 2023

As of 2021, we are creating 1.145 trillion MB of data per day. And come 2025, we will have up to 463 exabytes of data at our hands each day.

Credit Unions Hit by Ransomware Attack – December 17, 2023

December 21, 2023

Credit Unions Hit by Ransomware Attack – December 17, 2023 Credit unions across the United States are currently contending with extensive disruptions resulting from a malicious ransomware attack. The incident

How Self-Learning AI Greatly Improves Data Discovery & Classification

December 5, 2023

Secuvy’s unsupervised machine learning algorithms (“self-learning AI”) play a pivotal role in enhancing data discovery and classification processes with our customers. Unlike traditional discovery techniques or supervised machine learning, where

Enhancing Data Deletion for Global Privacy & Security Compliance with Self-Learning AI

December 5, 2023

Global privacy and security laws, such as General Data Protection Regulation (GDPR) and the latest edition in India the Digital Personal Data Protection Act (DPDPA) have significantly altered the landscape

International Data Privacy Laws: What to Expect in 2024

November 16, 2023

Consumers are Greatly Concerned About Data Privacy Data privacy and identity protection are top concerns among consumers. A recent report from Pew Research Center reveals that 81% of adults are

Seven Foundational Steps to Comply with DPDPA

Seven Foundational Steps to Comply with India’s DPDPA

November 16, 2023

The Digital Personal Data Protection Act (DPDPA) marks a significant milestone in India’s legislative history, culminating after years of negotiations and false starts. Enacted to safeguard the rights of India’s

The Evolving Data Discovery Landscape: Navigating Data Sprawl in the Cloud

November 16, 2023

Introduction The data discovery challenge is undergoing a profound transformation driven by cloud-native technologies and the rapid pace of application development, fueled by advances in generative AI. This paradigm shift

What the SEC and SolarWinds are Saying to CISOs

November 15, 2023

In short, the pressure on CISOs to proactively manage and report incidents has reached a tipping point. In July, the SEC (Securities & Exchange Commission) approved a long-awaited cybersecurity framework

A Primer: The India Digital Personal Data Protection Act

November 9, 2023

A Primer on India’s Digital Personal Data Protection Act In an era where personal data has become a digital currency, the need to strengthen data privacy has never been more

Universal Data Governance: How to Set Up One?

November 2, 2023

An organization can make use of universal data governance to stay ahead of its competitors. When governed in the right way, the collected data can help in identifying quality data,

Operationalize Privacy by Design (for Privacy Professionals)

November 2, 2023

Privacy Impact Assessment (PIAs) are one of the most important tools that help to access the personal information across the organisation. This is a big help for privacy professionals who

Pt 2: Explosion of Large Language Models (LLMs), Unstructured Data and the Need for AI Data Discovery

August 30, 2023

What every privacy & legal team needs to know. Around 2008, storage prices reached a downward inflection point and have been drastically reducing since. Technological advances, such as the rise of SaaS,

Why Businesses need to care about ROPA – Record of Processing Activities for Data Security, Risk & Privacy?

August 17, 2023

Practical Information related to ROPA – Record of Processing Activities Creation

India’s Digital Personal Data Protection Bill 2023

August 15, 2023

What is the Digital Personal Data Protection Bill 2023? Digital Personal Data Protection Bill (DPDPB) 2023 is India’s first privacy law. The DPDPB is designed to regulate the collection and

Large Language Models (LLMs), Data Privacy, and Security: What you Need to Know

August 2, 2023

What inspired the rise of LLMs and why now? We have witnessed the remarkable rise of generative AI, powered by vast amounts of pre-trained data within large language models (LLMs).

International Data Privacy Laws: What to expect in 2023

July 18, 2023

New international data privacy laws are expected in 2023. Saudi Arabia Personal Data Protection Laws (PDPL) Amendments to the Kingdom of Saudi Arabia (KSA) have been confirmed to take effect

Data Security – The Other side of Data Privacy

July 13, 2023

Data Security – The Other side of Data Privacy Privacy has been a buzzword for years, discussed and talked about at different forums for different reasons. Today we live in

U.S. Data Privacy Laws: What to Expect in 2023

July 5, 2023

Currently, over 130 countries have international data privacy laws in place to safeguard individuals’ data; with more countries, regions, and localities adding new ones in the coming years. These laws

Is CCPA Applicable to your Business?

April 2, 2023

California Consumer Privacy Act (CCPA) came into implementation from Jan 1st 2020. In this blog post, we will talk about how it came into effect and how this law affects

Decoding the California Privacy Rights Act: What Businesses Need to Know

December 9, 2022

The California Privacy Rights Act (CPRA) is the replacement of the much-discussed CCPA, which will come into effect in 2023. The CPRA is significant for businesses as it tightens up

Schrems II: Cross Country Data Transfers

December 5, 2022

Cross Country Data Transfers

Current State of US Privacy Laws

October 4, 2022

Current State of US Privacy Laws

CCPA vs GDPR

August 2, 2022

CCPA vs GDPR Regulation GDPR CCPA Enforcement Date May 25th, 2018 Jan 1st, 2020 Who needs to comply Any Business that collects or processes the data of EU citizens and

Financial Market Data Security via Secuvy

Why the future of financial services depends on zero trust data security

July 7, 2022

Data Security for Financial Services

How Healthcare Organizations can Discover/Classify/Protect Unstructured Data

July 4, 2022

Healthcare Organisations have massive amount of Unstructured data. Learn How Secuvy AI can minimize these risks

Overview of Data Privacy Laws in 2022

April 19, 2022

What 2022 Entails for Data Privacy As much as digitalization is sweeping the world in a wave, there is an increasing need to secure and protect the volumes of data

Data Discovery as the foundation for CCPA Compliance

February 28, 2022

Introduction Today, data is power. Qualitative, meaningful insights derived from collected data give businesses an edge in competition. However, consumer information privacy and the protection of their personal information has

How Data Intelligence Tools help with Privacy & Governance?

February 17, 2022

Data intelligence is emerging as a necessity in the business world. Copious amounts of data notwithstanding, data intelligence helps businesses make sense of the quantum of data being collected. Today,

CCPA/CPRA Fines and How to Avoid These

February 15, 2022

CCPA/CPRA Fines and How to Avoid These The California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 are two privacy laws that aim to protect

Data Masking 101: Everything You Need to Know

February 8, 2022

How Data Masking can be used for GDPR and CCPA requests.

Classification for Data Inventory and Mapping

How Does Data Classification Help with Privacy and Security?

February 8, 2022

Compliance regulations demand critical consideration for organizations that engage in a data-driven business. The foundation for this lies in data classification. AI-automated data classification is an efficient, cost-effective, and sustainable

How does Data Catalog help in Privacy Compliance?

February 8, 2022

What is a Data Catalog? A data catalog is an organized and detailed inventory of all the data assets in an organization. It is a collection of metadata collaborated with

How Data Governance Teams Can Convince Executives about Privacy

February 4, 2022

Business executives worldwide today consider data a valuable strategic asset. Many executives also regard data governance as a vital instrument. It helps minimize risks while also enabling them to make

Privacy for Data Governance Teams

February 4, 2022

According to the Aureus Analytics report, it is estimated that the world’s data volume will grow at 40% per year from 2021 to 2026. Data has been recognized as a

Distinguishing Data Governance, Security, and Privacy

February 2, 2022

Data is a powerful tool for every business. It empowers us to make better decisions, improve operational efficiency, and reduce operating costs. When embarking on online transformation, data becomes a

Data Subject Rights: Types of Consent

February 2, 2022

Today, there is high adoption of digitalization. Transactions of all natures happen online, leaving behind data trails, letting companies “store” or retain user data with them for marketing or value-addition

Everything You Need to Know About Privacy Dark Patterns

February 1, 2022

Websites and apps are usually designed to guide users to navigate content in a simple manner. For instance, a red-colored icon with an “X” denotes closing a program. Recently, cues

Mitigate the Impact of Data Breaches in the Cloud

January 31, 2022

In today’s world, data is everywhere. From individuals to big organizations, data is used by everyone on an everyday basis. This data might include sensitive information, such as personal details,

Pragmatic Approaches to Mitigate Cloud HIPAA Breaches

January 31, 2022

Introduction HIPAA, short for the Health Insurance Portability and Accountability Act of 1996, is a code established to introduce security in electronic transactions relating to health care. The data sets

A Simple Guide To How A Data Subject Access Request (DSAR) Works.

January 24, 2022

More and more consumers are taking control of their data. There has been a rapid growth in the last decade of individuals who wish to obtain information about how their

How To Prevent Data Breach With GDPR?

January 18, 2022

Within the past few months, the risk of data breaches for Universities and Colleges has increased to a great extent. The GDPR and UK Data Protection Act have come into

How Privacy Data Discovery can help with GLBA Compliance

January 13, 2022

From provisions of the law to decisions on collected data and penalties, financial institutions need to know plenty of things about GLBA compliance. Learn new exemptions and challenges associated with

CNIL Cookie Compliance – A Thorough Update on the New Recommendations & Guidelines

December 27, 2021

CNIL Cookie Compliance – A Thorough Update on the New Recommendations & Guidelines We’re living in the age of hyper-personalization – times when even the highly classified financial sector has

No more Third Party Cookies? Here’s what website owners need to know

November 2, 2021

Moving parallel to the Covid-19 crisis has predicted the death of third-party cookies in coming years. As we prepare to bid farewell to third party cookies by the end of

What is PI VS PII? What Role Does CCPA Play to Protect Personal Data?

November 2, 2021

CCPA (California Consumer Privacy Act) is the very first US law that offers some rights to privacy to the state’s consumers. This law provides users greater control over their personal

Everything You Need To Know For Building An Effective ROPA For Your Business

November 2, 2021

The modern age is all about encryption of data and privacy shield. Whether it is a social media app or business, the need for data privacy has increased to a

How does GDPR Data Mapping Regulate the Privacy Compliance of Users?

November 2, 2021

The General Data Protection Regulation is a framework of new laws enacted by the 28 members of the European Union outlining why personal data is collected. With the GDPR requirements

Importance of Implementing Reasonable Security in Remote Working

November 2, 2021

Because of Covid 19, remote working has become highly popular. In the year 2020, every employee received some instruction on how to operate remotely. It has become a serious concern,

What is Data Privacy? Why is it Crucial for Your Business?

October 12, 2021

We all know that every business needs to build a trustworthy relationship with their customers for a successful inning. Cheating and fraud will eventually destroy everything that you create. Data

Global Predictions About Privacy Laws after GDPR in 2018

October 12, 2021

Data breaches have always been on the rise. From high profile firms like Yahoo and Uber to the small startup’s everyone has been the victim of attacks on their cyber

Top 10: Most Common Types of Cyber Attacks

September 15, 2021

A cyber attack can be defined as a malicious, deliberate attempt to target one or multiple computer systems. Individuals behind the offensive action use different ways to steal and destroy

Find Sensitive Data in Google Drive and Gmail

September 15, 2021

How Secuvy AI Automates Data Discovery for GSuite Gmail and GDrive are the paramount emails and cloud-based services worldwide. Secuvy Al proposes peerless support to the sensitive data and personal

How CCPA Regulation is Transforming the User Privacy Radius

September 15, 2021

In the wake of the pandemic, we’ve become more digitally connected, thus more vulnerable. By no stretch of the imagination, data privacy and its impact on consumers are the greatest

User Minefield: How Does the Data Protection Law Impact Your Web Privacy?

September 14, 2021

In the United States, 45% of respondents to a user data survey from leading encryption label RSA openly admitted that they had been victims of a data breach. With the

Major Ways GDPR Will Ensure a Better Customer Experience

September 14, 2021

What is GDPR Compliance? Not everyone is aware of GDPR, especially when your organization resides outside the EU. However, GDPR is an essential term as it has ramifications for your

Understanding The Idea Behind Children’s Online Privacy Protection Act (COPPA)

September 3, 2021

COPPA is the abbreviation for Children’s Online Privacy Protection Act. The bill – the U.S. law for protecting children’s online data and data privacy law – came into existence in

5 Ways Data Privacy Will Reshape Ecommerce in Years to Come – Future Predictions and Trends

January 4, 2021

Privacy and security are quickly becoming top concerns in ecommerce. Its growing popularity has attracted unwanted attention from cybercriminals online. In fact, a study by Trustwave claims that the ecommerce

Five Privacy Trends to Watch in 2021

December 30, 2020

Five Privacy trends to watch in 2021

CCPA vs CPRA

November 7, 2020

CCPA vs CPRA While Californian businesses are still coping with becoming compliant with the California Consumer Privacy Act (CCPA), the government has implemented another privacy law – California Privacy Rights

New Zealand Privacy Act 2020

October 11, 2020

The long-awaited amendment in the New Zealand Privacy Bill, which proposes amendment in the Privacy Act 1993, finally got a green flag in the parliament in June this year. The

Brazil LGPD Privacy Law

September 20, 2020

In September 2020, Brazil finally implemented its General Data Protection Law or Lei Geral de Proteção de Dados (LGPD). While Brazil already has 40 sectoral privacy laws at the federal

Ready to learn more?

Subscribe to our newsletters and get the latest on product updates, special events, and industry news. We will not spam you or share your information, we promise.

Career Form

By subscribing, you consent to the processing of your personal data via our Privacy Policy. You can unsubscribe or update your preferences at any time.

Lessons Learned From Massive Healthcare Cyberattack

How The Cyberattack Happened

Issues Highlight Needed Guardrails

Secuvy Solutions To Prevent Cyberattacks

What Secuvy Offers

Related Blogs

Best Practices for Data Classification in ISO 42001 Compliance

Getting Started with Data Classification for ISO 42001 Compliance: A How-To Guide

A Comprehensive Guide To Data Subject Access Request (DSARs)

Ready to learn more?

Career Form

Platform

Solutions

Learn

Company