Change Healthcare begins to restore service after cyberattack – as lawsuits begin

As it begins to recover from the Change Healthcare cyberattack, UnitedHealth Group said this week that it is enabling its Rx Connect, Rx Edit and Rx Assist services for customers who have configured direct internet access connectivity.

UnitedHealth also offered what it says is a timeline for full restoration of Change Healthcare’s services.

“We expect to begin testing and reestablish connectivity to our claims network and software on March 18, restoring service through that week,” the company said in an announcement posted to its website about the cyberattack, which began on February 21.

Here’s a roundup of other news related to the weeks-long attack – including a new wave of lawsuits from customers impacted by the breach, news on BlackCat ransomware group’s current status and expert perspective on why UnitedHealth may have paid the ransom.

ALPHV fakes left after $22M in Bitcoin paid 

According to Recorded Future News Friday, the Department of Justice, Europol and the U.K. National Crime Agency – all part of a December takedown of BlackCat ransomware – denied any involvement in a new takedown notice posted on ALPHV’s website. 

“This tactic serves as a means for them to execute one final significant scam before resurfacing with less scrutiny,” Reegun Jayapaul, principal at Trustwave, said in the story.

One BlackCat ransomware affiliate reportedly claimed that after getting the $22 million payment, ALPHV leaders shut down and effectively stole the entire ransom from their affiliates to make the Change Healthcare breach their last hurrah.

Ngoc Bui, a cybersecurity expert at the firm Menlo Security, told Healthcare IT News by email this week that it’s “highly likely” that ALPHV/BlackCat was responsible for the attack and that “the blog site discussing these matters appears to use a fake seized landing page, possibly indicating an exit scam by hackers.”

The reason for this is that the “ransomware group may have taken the money and deactivated servers to avoid law enforcement attention,” he said.

Patient delays, privacy, pending lawsuits

Meanwhile, Axios reported Wednesday that the first post-cyberattack patient lawsuits are beginning to emerge, focusing on loss of access to vital prescriptions and treatments.

However, the potential to expose data exfiltrated in the attack, which could be 6TB of data, is also a concern for UHG. The cybercriminals alleged that the stolen data includes protected information held by the U.S. military’s Tricare healthcare program, Medicare, CVS Caremark, MetLife, Health Net and others, a Bleeping Computer report said on February 28.

“There are concerns that Change Healthcare’s operations might affect the healthcare data of many Americans, given its extensive services and expertise in processing healthcare data,” Bui noted.

Stolen data could have far-reaching effects down the line.

“Healthcare information is the most sought after and highest resalable data by attackers and on the dark web because it can be used in so many ways to perpetrate fraud,” noted Kurt Osburn, director of risk management and governance at NCC Group, a global cybersecurity consulting firm, in a statement sent by email.

Protecting assets and information is expensive, and takes additional staff and managed services, he said. Most healthcare organizations fail to implement risk-analysis and risk-mitigation tools due to costs.

Michael McLaughlin, principal and cybersecurity and data privacy practice group co-leader at the legal firm Buchanan Ingersoll and Rooney, said in an email Thursday that while UHG, which owns Optum’s Change Healthcare, has not disclosed the full extent of the data breach, one class-action suit alleges the types of data exfiltrated.

The suit, filed in federal court in Minnesota, claims the ransomware group took personally identifiable information, medical records, dental records, payment information, claims information, patients’ information (i.e. phone numbers, addresses, Social Security numbers and email addresses), insurance records, patient health information and more. 

McLaughlin said that the suit bases the data on the group’s claims about its role in the Change cyberattack, and advised taking it with a grain of salt.

“I would urge caution in relying on statements of the ransomware actor about the types of data impacted,” he wrote. The ransomware actor likely sampled files indicating sensitive information may be contained within “and based their statement on that cursory review,” he said.

“This is in no way representative of the data as a whole,” said McLaughlin.

Breach magnitude? Too soon to tell

“UHG paying the ransom is not indicative of the sensitivity of the data,” McLaughlin said.

He explained that he believed that UHG’s decision to pay likely was primarily driven by the need to resume business operations as quickly as possible “rather than to protect the data from further exposure.”

Widespread reports of providers straining in the outage have a number of organizations, like the American Medical Association, appealing to lawmakers in Washington, D.C., to release emergency funds to protect providers nationwide from the financial fallout.

UHG is likely investigating the full scope of the incident, trying to understand the individuals impacted and the types of data involved, McLaughlin said.

It’s a resource-intensive process requiring advanced data mining and manual human review of “potentially millions of files.”

“We will not know the full scope of the data involved until this process is complete and UHG conducts its notifications of impacted individuals, in accordance with state laws and federal regulations,” he said.

Andrea Fox is senior editor of Healthcare IT News.

Healthcare IT News is a HIMSS Media publication.
