Change Healthcare Breach Affects 100M Americans; Senators Push for Tougher Cybersecurity Laws
Change Healthcare has experienced a significant data breach, affecting around 100 million Americans. The incident, which occurred in February 2024, involved the theft of health data, billing records, personal data, and insurance data. The breach was due to a ransomware attack exploiting stolen or purchased credentials for a Citrix portal with no multi-factor authentication.
The stolen data, amounting to at least four terabytes, was exfiltrated by the cybercriminal group ALPHV and BlackCat, with whom Hunters International partnered. Change Healthcare's parent firm, UnitedHealthcare, incurred substantial costs, totalling $3.978 billion in nine months, including $1.521 billion in direct response costs.
Affected individuals are advised to place a security freeze on their credit files to prevent identity theft. Change Healthcare is offering two years of credit monitoring and identity theft protection services. Meanwhile, Sens. Mark Warner and Ron Wyden have introduced a bill to enforce tougher cybersecurity standards for healthcare providers and remove the existing HIPAA fine cap.
Change Healthcare paid $22 million to the BlackCat ransomware group, but the data was later offered for sale by another group, RansomHub. The breach highlights the importance of robust cybersecurity measures, including multi-factor authentication, in protecting sensitive health insurance data. The proposed legislation aims to strengthen healthcare providers' cybersecurity standards to prevent such incidents in the future.
Read also:
- Inadequate supply of accessible housing overlooks London's disabled community
- Strange discovery in EU: Rabbits found with unusual appendages resembling tentacles on their heads
- Duration of a Travelling Blood Clot: Time Scale Explained
- Fainting versus Seizures: Overlaps, Distinctions, and Proper Responses
