Malware
Discover the Medical Data Exposed: Change Healthcare Reveals Impact of Ransomware Attack
Discover the extent of the ransomware attack on Change Healthcare, which targeted medical data. Learn about the types of information stolen and the measures taken by the company to prevent future incidents. Stay informed on cybersecurity threats in the healthcare industry.
UnitedHealth has recently confirmed the extent of the damage caused by the massive Change Healthcare ransomware attack. The company revealed that a significant amount of medical and patient data was stolen, with breach notifications set to go out in July.
Last week, UnitedHealth published a data breach notification, stating that a “substantial quantity of data” for a “substantial proportion of people in America” had been exposed. The exact number of affected individuals remains unknown, but UnitedHealth CEO Andrew Witty mentioned during a congressional hearing that “maybe a third” of all Americans’ health data might have been exposed.
The stolen data includes a wide range of sensitive information, such as:
- Health insurance information (e.g., primary, secondary or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers);
- Health information (e.g., medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment);
- Billing, claims, and payment information (e.g., claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balance due); and/or
- Other personal information such as Social Security numbers, driver’s licenses or state ID numbers, or passport numbers.
Change Healthcare has stated that the scope of exposed data may vary for each individual and that patients’ complete medical histories have not been seen in the stolen data.
In a Change Healthcare data breach notification, the company explains the steps they are taking to address the issue and offers resources for those who believe their personal data may have been impacted. They also mention that they are providing two years of complimentary credit monitoring and identity theft protection services for affected individuals.
Change Healthcare plans to mail formal data breach notification letters starting in late July. However, they might not have mailing addresses for all impacted individuals. In the meantime, those affected can visit changecybersupport.com for more information and instructions on how to sign up for free credit monitoring and learn about potential risks associated with the stolen data.
The Change Healthcare ransomware attack
The data breach notifications are a result of a February ransomware attack on UnitedHealth subsidiary Change Healthcare, during which attackers stole 6 TB of data from the company. This attack caused significant disruptions in the US healthcare system, preventing doctors and pharmacies from filing claims. Pharmacies, in particular, were affected heavily, as they could not process insurance claims or accept discount prescription cards, forcing some patients to pay full price for medications.
The BlackCat (aka ALPHV) ransomware gang carried out the attack, using stolen credentials to log into the company’s Citrix remote access service, which lacked multi-factor authentication. UnitedHealth eventually paid a ransom demand, allegedly $22 million, to the ransomware gang, which was supposed to be split with an affiliate who conducted the attack. However, the BlackCat operation shut down and kept the entire payment for themselves.
The angered affiliate announced that they still possessed Change Healthcare’s data and had not deleted it as promised. They began leaking some of the stolen data on the RansomHub data leak site, demanding additional payment to prevent further releases. Eventually, the entry for Change Healthcare disappeared from the RansomHub website, suggesting that United Health may have paid a second ransom demand.
United Health estimates that the Change Healthcare ransomware attack has caused $872 million in losses as of April, a figure that will likely increase once all investigations and remediations are completed.
As an IT services provider focused on cybersecurity, we understand the importance of protecting sensitive data and staying informed about the latest threats. The Change Healthcare ransomware attack is a stark reminder of the need for robust security measures and education on potential risks.
We encourage you to stay vigilant and continue learning about cybersecurity best practices to protect your personal and business data. If you have any concerns or questions about your cybersecurity, don’t hesitate to contact us or keep coming back to learn more.
Malware
Schneider Electric Confirms Dev Platform Breach: Hacker Seizes Sensitive Data in Bold Cyberattack
Schneider Electric has confirmed that its developer platform suffered a data breach, resulting in unauthorized access to product security vulnerability details. The breach was discovered on 10 August, after a hacker claimed to have stolen the data. Schneider Electric is working with security researchers to identify the individual responsible and the extent of the breach.
Imagine waking up one morning to find out that your entire database has been hacked, and critical information is now held hostage by a group of cybercriminals. That’s precisely what happened to Schneider Electric, a French multinational corporation known for its energy and automation products.
Unauthorized access to Schneider Electric’s data
A threat actor, who goes by the name “Grep,” recently taunted Schneider Electric on X, indicating they had breached the company’s systems. They claimed to have accessed Schneider Electric’s JIRA server using exposed credentials and scraped 400k rows of user data, including 75,000 unique email addresses and full names of the company’s employees and customers.
Schneider Electric confirmed the breach, stating that they were investigating a cybersecurity incident involving unauthorized access to one of their internal project execution tracking platforms. The company assured that its products and services remain unaffected by the breach.
A new hacking group emerges
Grep revealed to us that they had recently formed a new hacking group called the International Contract Agency (ICA), named after the game Hitman: Codename 47. Initially, the group didn’t extort companies they breached. However, upon discovering that the “ICA” name was associated with a group of Islamic terrorists, the threat actors rebranded themselves as the Hellcat ransomware gang and began developing an encryptor for future extortion attacks.
Extortion demands and a history of breaches
Grep is now extorting Schneider Electric, demanding $125,000 not to leak the stolen data and half of that amount if the company releases an official statement. This isn’t the first time Schneider Electric has faced a cybersecurity breach. Earlier this year, its “Sustainability Business” division fell victim to a Cactus ransomware attack, where the threat actors claimed to have stolen terabytes of data.
Don’t let this happen to you
As technology advances, so do the methods and tactics employed by cybercriminals. It’s essential to take cybersecurity seriously and invest in the right tools and strategies to protect your valuable data. Don’t wait until you become the next Schneider Electric. Instead, take action now to secure your digital assets and prevent a potential breach.
Keep coming back to learn more about the latest cybersecurity trends, tips, and best practices. We’re here to help you stay informed and protect your business from the ever-evolving world of cyber threats.
Malware
Cisco Ensures DevHub Site Leak Won’t Empower Future Breaches
Cisco has assured customers that a recent data leak from its DevHub site will not enable future cyber breaches. The leak exposed sensitive information, including users’ API keys, but Cisco has taken the necessary steps to mitigate the potential risks and protect its users’ security.
Recently, a threat actor managed to download non-public files from a misconfigured public-facing DevHub portal. Although this sounds alarming, we want to reassure you that the exposed documents do not contain information that could be exploited in future breaches of our systems.
What exactly was exposed?
Upon analyzing the exposed documents, we found that their contents include data that we publish for customers and other DevHub users. However, files that shouldn’t have been made public were also available, some belonging to CX Professional Services customers.
“So far, in our research, we’ve determined that a limited set of CX Professional Services customers had files included and we notified them directly,” we said.
Our teams have worked diligently to assess the content of those files. We want to emphasize that we have not identified any information in the content that an actor could have used to access any of our production or enterprise environments.
What actions have we taken?
We have since corrected the configuration and restored public access to the DevHub site. Additionally, we’ve confirmed that web search engines did not index the exposed documents.
This update comes after we confirmed last month that we took our public DevHub site offline (a resource center for customers where we publish software code, templates, and scripts) after a threat actor leaked what we described at the time as “non-public” data.
It’s important to note that we found no evidence that any financial data or personal information had been exposed or stolen from the public DevHub portal before it was taken offline.
What about the alleged access to a developer environment?
The threat actor behind the leak, IntelBroker, claimed that they also gained access to a Cisco JFrog developer environment through an exposed API token. While we maintain that our systems haven’t been breached, information shared by the threat actor indicates that they also breached a third-party development environment, allowing them to steal data.
We’ve been contacted with further questions about IntelBroker’s claims, but we have not replied as of yet.
What’s the takeaway from all of this?
While the exposure of non-public files is a concern, we want to reiterate that the information contained within those files does not put our systems at risk for future breaches. We have taken the necessary steps to correct the configuration issues and restore access to our DevHub site, ensuring that such an incident doesn’t occur again.
As always, your security is our top priority. We encourage you to reach out to us with any questions or concerns, and keep coming back to learn more about how we’re working to protect your data and keep you safe.
Malware
Interbank Admits to Data Breach After Unsuccessful Extortion Attempt and Massive Information Leak
Peruvian Interbank confirms a data breach after refusing to pay extortion demands. The hackers leaked customer information, but the bank assures no financial data was compromised. Interbank warns clients of potential phishing attacks and urges them to be cautious when providing personal information.
Imagine waking up one day to find your personal and financial information plastered all over the internet. It’s a nightmare scenario, isn’t it? Well, that’s precisely what happened to a group of customers at Interbank, one of Peru’s leading financial institutions, which serves over 2 million people.
Interbank confirms data breach
Interbank recently confirmed that a data breach occurred, with a hacker gaining unauthorized access to its systems and leaking stolen data online. The bank immediately deployed additional security measures to protect its clients’ operations and information. While their online platforms and mobile app experienced temporary outages, Interbank has assured customers that their deposits are safe and that most of their operations are back online.
Stolen data for sale on hacking forums
As if the breach wasn’t bad enough, a threat actor with the handle “kzoldyck” has been spotted by Dark Web Informer selling the stolen data on several hacking forums. The data in question includes customers’ full names, account IDs, birth dates, addresses, phone numbers, email addresses, IP addresses, and sensitive financial information like credit card numbers, CVV codes, and even plaintext credentials.
The hacker claims to have information on more than 3 million customers, with a total data cache of over 3.7 terabytes. They also mention possessing internal API credentials, LDAP, and Azure credentials. It’s worth noting that the hacker reportedly attempted to extort Interbank’s management two weeks prior, but the bank refused to pay.
So, what can you learn from this?
As a U.S. reader, you might be thinking, “That’s terrible, but it’s in Peru, so it doesn’t affect me.” Unfortunately, that’s not the case. Cybersecurity threats know no borders, and hackers are constantly seeking out new targets. In fact, data breaches have become increasingly common in recent years, with a 2021 report from the Identity Theft Resource Center showing a 17% increase in publicly reported data breaches in the U.S. compared to 2020.
This case serves as a stark reminder that no one is immune to the dangers of cyber threats. It’s essential to stay vigilant and educate yourself on how to protect your personal and financial information. Consider working with IT Services who can provide you with guidance and resources to stay one step ahead of the hackers.
Don’t let this happen to you
Be proactive in safeguarding your data and take the necessary steps now to protect your information. Reach out to us at IT Services to learn more about how we can help you and your business stay safe in this digital age. Remember, the best defense is a good offense, so don’t wait for a data breach to happen before taking action.
-
Malware1 year ago
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware1 year ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations12 months ago
Top Data Protection Officer Certification Courses Reviewed
-
Data Protection Regulations12 months ago
Top 11 Data Protection Training Programs for Compliance
-
Security Audits and Assessments12 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Data Protection Regulations12 months ago
Navigating Data Protection Laws for Nonprofits
-
Data Protection Regulations12 months ago
9 Best Insights: CCPA’s Influence on Data Security
-
Security Audits and Assessments12 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist