
Image Credits: Craig Lassig / AP


Healthcare advocates with AIDS Healthcare Foundation, from across the United States, protest at the United Healthcare Corporate office in Minnetonka, Minnesota on Tuesday, October 26, 2021


Questions remain about the security of millions of patients’ medical records

A cyberattack at U.S. health tech giant Change Healthcare has ground much of the U.S. healthcare system to a halt for the second week in a row.

Hospitals have been unable to check insurance benefits of in-patient stays, handle the prior authorizations needed for patient procedures and surgeries, or process billing that pays for medical services. Pharmacies have struggled to determine how much to charge patients for prescriptions without access to their health insurance records, forcing some to pay for costly medications out of pocket with cash, with others unable to afford the costs.

Since Change Healthcare shut down its network suddenly on February 21 in an effort to contain the digital intruders, some smaller healthcare providers and pharmacies are warning of crashing cash reserves as they struggle to pay their bills and staff without the steady flow of reimbursements from insurance giants.

Change Healthcare’s parent company UnitedHealth Group said in a filing with government regulators on Friday that the health tech company was making “substantial progress” in restoring its affected systems.

As the near-term impact of the ongoing outages on patients and providers becomes clear, questions remain about the security of millions of people’s highly sensitive medical information handled by Change Healthcare.

From Russia, a prolific ransomware gang taking credit for the cyberattack on Change Healthcare claims, without yet publishing evidence, to have stolen enormous banks containing millions of patients’ private medical information from the health tech giant’s systems. In a new twist, the ransomware gang now appears to have faked its own demise and dropped off the map after receiving a ransom payment worth millions in cryptocurrency.

If patient data has been stolen, the ramifications for the affected patients will likely be irreversible and life-long.


Change Healthcare is one of the world’s largest facilitators of health and medical data and patient records, handling billions of healthcare transactions annually. Since 2022, the health tech giant has been owned by UnitedHealth Group, the largest health insurance provider in the United States. Hundreds of thousands of physicians and dentists, as well as tens of thousands of pharmacies and hospitals across the U.S., rely on it to bill patients according to what their health insurance benefits permit.

That size presents a particular risk. U.S. antitrust officials unsuccessfully sued to block UnitedHealth from buying Change Healthcare and merging it with its healthcare subsidiary Optum, arguing that UnitedHealth would get an unfair competitive advantage by gaining access to “about half of all Americans’ health insurance claims pass each year.”

For its part, Change Healthcare has repeatedly avoided saying so far whether patient data has been compromised in the cyberattack. That has not reassured healthcare executives who worry that the data-related fallout of the cyberattack is yet to come.

In a March 1 letter to the U.S. government, the American Medical Association warned of “significant data privacy concerns” amid fears that the incident “caused extensive breaches of patient and physician information.” AMA President Jesse Ehrenfeld was quoted by reporters as saying that Change Healthcare has provided “no clarity about what data was compromised or stolen.”

One cybersecurity director at a large U.S. hospital system told TechCrunch that though they are in regular contact with Change and UnitedHealth, they have heard nothing so far about the security or integrity of patient records. The cybersecurity director expressed alarm at the prospect of the hackers potentially publishing the stolen sensitive patient data online.

This person said that Change’s communications, which have gradually escalated from suggesting that data might have been exfiltrated, all the way up to acknowledging an active investigation with several incident response firms, suggest it’s just a matter of time before we hear how much has been stolen, and from whom. Customers will bear some of the brunt of this hack, this person said, asking not to be quoted by name as they are not authorized to speak to the press.

Ransomware gang pulls “exit scam”

Now, the hackers appear to have disappeared, adding to the unpredictability of the situation.

UnitedHealth initially attributed the cyberattack to unspecified government-backed hackers, but later walked back that claim and subsequently pointed the blame at the Russia-based ransomware and extortion cybercrime group called ALPHV (also known as BlackCat), which has no known links to any government.

Ransomware and extortion gangs are financially motivated and typically employ double-extortion tactics, first scrambling the victim’s data with file-encrypting malware, then swiping a copy for themselves and threatening to publish the data online if their ransom demand is not paid.

On March 3, an affiliate of ALPHV/BlackCat, in effect a contractor that earns a commission for the cyberattacks they launch using the ransomware gang’s malware, complained in a post on a cybercrime forum claiming that ALPHV/BlackCat cheated the affiliate out of their earnings. The affiliate claimed in the post that ALPHV/BlackCat stole the $22 million ransom that Change Healthcare allegedly paid to decrypt their files and prevent data leaking, as first reported by veteran security watcher DataBreaches.net.

As evidence of their claim, the affiliate provided the exact crypto wallet address that ALPHV/BlackCat had used two days earlier to allegedly receive the ransom. The wallet showed a single transaction worth $22 million in bitcoin at the time of payment.

The affiliate added that despite having lost their portion of the ransom, the stolen data is “still with us,” suggesting the aggrieved affiliate still has access to reams of stolen sensitive medical and patient data.

UnitedHealth has declined to confirm to reporters whether it paid the hackers’ ransom, instead saying the company is focused on its investigation. When TechCrunch asked UnitedHealth if it disputed the reports that it paid a ransom, a company spokesperson did not respond.

By March 5, ALPHV/BlackCat’s website was gone in what researchers believe is an exit scam, where the hackers run off with their new fortune never to be seen again, or lie low and reform later as a new gang.

The gang’s dark web site was replaced with a splash screen purporting to be a law enforcement seizure notice. In December, a global law enforcement operation took down portions of ALPHV/BlackCat’s infrastructure, but the gang returned and soon began targeting new victims. But this time, security researchers suspected the gang’s own deceit at play, rather than another legal takedown effort.

A spokesperson for the U.K. National Crime Agency, which was involved in the initial ALPHV/BlackCat disruption operation last year, told TechCrunch that ALPHV/BlackCat’s ostensibly seized site “is not a result of NCA activity.” Other global law enforcement agencies also denied involvement in the group’s sudden disappearance.

It’s not uncommon for cybercrime gangs to reform or rebrand as a way to shed reputational issues, the sort of thing one might do after being busted by law enforcement action or making off with an affiliate’s illicit earnings.

Even with a payment made, there is no guarantee that the hackers will delete the data. A recent global law enforcement action aimed at disrupting the prolific LockBit ransomware operation found that the cybercrime gang did not always delete the victim’s data as it claimed it would if a ransom was paid. Companies have begun to acknowledge that paying a ransom does not guarantee the return of their files.

For those on the front lines of healthcare cybersecurity, the worst-case scenario is that stolen patient records become public.

The patient safety and economic impacts of this are going to be felt for years, the hospital cybersecurity director told TechCrunch.

Do you work at Change Healthcare, Optum or UnitedHealth and know more about the cyberattack? Get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.
