Hackers Were in Change Healthcare 9 Days Before Attack
Hackers were reportedly in the networks of UnitedHealth Group’s Change Healthcare unit for days before launching their ransomware strike.
They gained entry to the networks on Feb. 12, using compromised credentials on an application that allows staff to remotely access systems, The Wall Street Journal (WSJ) reported Monday (April 22).
During the nine days they were in the system before launching the attack on Feb. 21, they may have been able to steal “significant” amounts of data, Seeking Alpha reported Monday, citing a WSJ article.
Change Healthcare posted its first update reporting connectivity issues Feb. 21, saying that “some applications are currently unavailable” and that the company was triaging the issue.
On April 16, UnitedHealth Group CEO Andrew Witty said during an earnings call that the cyberattack cost the company $872 million.
Witty said that the incident “was straight out an attack on the U.S. health system and designed to create maximum damage,” adding: “I think we’ve got through that very well in terms of the remediation and the build back to functionality.”
In the wake of that attack, the federal government announced it is offering a $10 million reward to help identify the people behind the organization that launched the attack: the ransomware-as-a-service group ALPHV BlackCat.
In addition, U.S. Sen. Mark R. Warner, D-Va., introduced a bill that would accelerate Medicare payments to healthcare providers that have suffered a cyberattack.
The bill, the “Health Care Cybersecurity Improvement Act of 2024,” is meant to incentivize cybersecurity in the healthcare industry.
“The recent hack of Change Healthcare is a reminder that the entire healthcare industry is vulnerable and needs to step up its game,” Warner said in a March 22 press release announcing the introduction of the bill. “This legislation would provide some important financial incentives for providers and vendors to do so.”
PYMNTS Intelligence has found that 82% of eCommerce merchants endured cyber or data breaches in the last year. Forty-seven percent of those merchants said the breaches resulted in both lost revenue and lost customers, according to “Fraud Management in Online Transactions,” a PYMNTS Intelligence and Nuvei collaboration.