Healthcare Cybersecurity – Update on UnitedHealthcare Breach – Lessons Learned

UnitedHealth Group confirmed that it has paid a ransom demanded by hackers who struck its Change Healthcare insurer unit in February.

The company also acknowledged that files containing personal information had been stolen in the breach that threw hundreds of medical facilities, physicians and pharmacies into financial and operational chaos.

UnitedHealth did not reveal the amount of the ransom payment nor the method in which it was paid. Some $22 million in bitcoin has been rumored — and reportedly stamped by blockchain data — that UnitedHealth is said to have paid to unlock its systems and safeguard patient data. In a recent Q1 SEC filing, UnitedHealth reported that the ransomware strike cost it $872 million in the first quarter of 2024 and projected the overall financial impact could run to $1.6 billion. It’s the first time the company has made any type of disclosure as to the material impact of the cyberattack.

UnitedHealth said that 22 screenshots, allegedly of PII and PHI data, were posted on the dark web for about a week. So far, no additional data has appeared. At this point, UnitedHealth said it had not seen evidence of doctors’ charts or full medical histories among the data.

Cybersecurity researcher Jeremiah Fowler has previously told CNBC that on the dark web medical records sell for $60 compared to $15 for a Social Security number and $3 for a credit card.

The company projected that it will take “several months of continued analysis” before it will be able to notify customers and individuals if they’ve been impacted by the hack. UnitedHealth said it will “reach out to stakeholders when there is sufficient information for notifications and will be transparent with the process.”

UnitedHealth previously said it has funneled some $6 billion in advance funding and loans to support care providers related to the ransomware strike.

Protecting healthcare organizations from cybersecurity attacks requires a comprehensive and multi-layered approach. Here are steps to enhance cybersecurity in the healthcare sector:

1. Risk Assessment and Management:

2. Employee Training and Awareness:

3. Implement Strong Access Controls:

4. Secure Endpoint Devices:

5. Network Security Measures:

6. Data Encryption and Privacy Protection:

7. Incident Response Planning:

8. Vendor Risk Management:

9. Regulatory Compliance:

10. Continuous Monitoring and Improvement:

By implementing these cybersecurity measures and adopting a proactive approach to security, healthcare organizations can strengthen their defenses against cyber attacks, safeguard patient data and privacy, and maintain trust and confidence in the integrity and security of their services.

To learn more please contact sales@xenexSOC.com.