The Year of Ransomware: What you need to know to protect your data.
"Help_Decrypt_Your_Files," the year of ransomware has officially arrived. These 4 words can turn a business upside down with one click of the mouse....
Five Nines Team : Apr 24, 2024 2:49:08 PM
3 min read
After the ransomware-related outage brought crucial healthcare reimbursement systems to a halt for providers across the country in late February 2024, all eyes were trained on the high-stakes investigation that followed.
The outage, which left providers and pharmacies unable to use their claims processing and reimbursement platform for more than three weeks in February and March, has been traced to an attack by BlackCat/ALPHV Ransomware Group. The attackers crippled Change Healthcare's systems, demanding a multi-million dollar ransom in exchange for the safe return of files and the restoration of system access.
Between the lengthy system outage impacting millions of transactions, incident response and recovery costs, and a ransom payment, Change Healthcare's parent company UnitedHealth Group has admitted that the cost of the attack will likely exceed $1 Billion. In further reports, UHG revealed the first quarter total impact reached $870 Million, with approximately $595 Million being direct costs from the system outage & restoration period (WSJ Cybersecurity).
CSO Online reports that cryptocurrency transaction evidence reveals UHG paid the $22 Million ransom, but UnitedHealth Group admitted on April 22 that Protected Health Information (PHI) and Personally Identifiable Information (PII) were still exposed in the attack.
Apart from the direct costs to UnitedHealth Group, the impact to individuals is significant. UHG reports that the exposed files containing PHI & PII "could cover a substantial proportion of people in America", and that it will likely take several months before impacted individuals can be identified and notified of their exposed data.
As the US Department of Health & Human Services (DHHS) investigated the breach, Congressional hearings began in April with calls to mandate baseline security standards for organizations within the healthcare sector as a result of the national security risk posed by breaches of far-reaching, interconnected healthcare systems like that of Change Healthcare.
Breach investigation reports now reveal that Multi-Factor Authentication protocols were absent on the remote access application in use within Change Healthcare's systems. Compromised user credentials, paired with the absence of a second authentication method, allowed attackers to use the remote access tool and quietly enter Change Healthcare's network undetected for more than a week before deploying the Ransomware attack.
"Deploying MFA is non-negotiable. It’s the front line in ensuring that users are who they claim to be.”
MFA is not a silver bullet, and it's not the only cybersecurity tool that should be in use protecting your business network. Still, with 74% of all security breaches being traceable to a human element (including credential exposure), added security at the login level is becoming more than just a security best practice – it's a security necessity.
You've heard it before, we're sure, but it's true – healthcare is a top target for cyberattacks, whether you're a small, rural facility or a national provider.
In 2022, Healthcare was identified as the most-breached industry by Kroll's Data Breach Outlook report. The reason? Not only is the payout lucrative for attackers if they succeed at obtaining PHI & PII, but the attack execution can often be easy. Kroll's 2023 report revealed that 28% of healthcare organizations still only invest in basic security protections, like monitoring. That makes for an easy breach from an attacker's perspective.
Three takeaways from the Change Healthcare attack and industry vulnerabilities it revealed include:
The risks are high and the impact can be devastating if your organization falls victim to a large attack. If you need help prioritizing security within your healthcare IT strategy, Five Nines can help. Contact us today to collaborate with one of our experts.
"Help_Decrypt_Your_Files," the year of ransomware has officially arrived. These 4 words can turn a business upside down with one click of the mouse....
AI, with its immense potential, is reshaping the realm of cybersecurity. The integration of AI into the already overwhelming list of today’s cyber...
It’s all too easy to forget how integral and pervasive software-as-a-service (SaaS) has become to modern business operations, given the efficiencies...