Coupang and the Horrible, No Good, Very Bad Data Breach South Korea's data protection watchdog told e-commerce giant Coupang to stop publishing its "self-investigation" findings into a massive data breach and

Coupang, South Korea's largest online retailer was breached 2 months ago exposing #data of 33.7M of the 52M population rivaling #ChangeHealthcare has provoked a rebuke from regulators, earn the ire of consumer advocates & draw questions from lawmakers. www.healthcareinfosecurity.com/coupang-horr...

Family Health West cyberattack forces Colorado hospital systems offline Family Health West in Fruita shut down systems after an Oct. 28 cyberattack; care continued on workflows and no evidence of data loss was found.

Family Health West cyberattack forces Colorado hospital systems offline #Cyberattack #Fruita #Colorado #FamilyHealthWest #Healthcare #ChangeHealthcare #cybersecurity dysruptionhub.com/family-health-west-cyber...

Over 190 million hit in UnitedHealth data breach — confirmed largest in history Worst health care data breach in history affects more than a third of all Americans

Over 190 million hit in UnitedHealth data breach — confirmed largest in history

last year’s #databreach at UnitedHealth was said to be 100 million. Updated numbers put it at 192 million people impacted

#UnitedHealth #ChangeHealthcare #healthcare #security #cybersecurity #hackers #hacking #hacked

Weak Links in Healthcare Infrastructure Fuel Cyberattacks   Increasingly, cybercriminals are exploiting systemic vulnerabilities in order to target the healthcare sector as one of the most frequently attacked and vulnerable targets in modern cybersecurity, with attacks growing both in volume and sophistication. These risks go well beyond the theft of personal information - they directly threaten the integrity and confidentiality of critical medical services and patient records, as well as the stability of healthcare operations as a whole.  There has been an increase in threat actors targeting hospitals and medical institutions due to the outdated infrastructure and limited cybersecurity resources they often have. Threat actors are targeting these organisations to exploit sensitive health information and disrupt healthcare delivery for financial or political gain. The alarming trend reveals that there is an urgent and critical security issue looming within the healthcare industry that needs to be addressed immediately.  Such breaches have the potential to have catastrophic consequences, from halting life-saving treatments due to system failures to eroding patients' trust in healthcare providers. Considering the rapid pace at which the digital transformation is taking place in healthcare, it is important that the sector remains committed to robust cybersecurity strategies so as to safeguard the welfare of its patients and ensure the resilience of essential medical services in the future.  BlackCat, also referred to as ALPHV, is at the centre of a recent significant cybersecurity incident. In recent months, it has gained prominence as a highly organised, sophisticated ransomware group that has been linked to the high-profile attack on Change Healthcare. As a result of the infiltration of the organisation's IT infrastructure and the theft of highly sensitive healthcare data by the group, the group has claimed responsibility for obtaining six terabytes of data. As a result of this breach, not only did it send shockwaves throughout the healthcare sector, but it also highlighted the devastating power of modern ransomware when targeting critical systems. It has been reported that the attack was triggered by known vulnerabilities in ConnectWise's ScreenConnect remote access application, a tool that is frequently employed in many industries, including healthcare, as a remote access tool.  Having this connection has given rise to more concern about the broader cybersecurity risks posed by third-party vendors as well as software providers, showing that even if one compromised application is compromised, it can lead to widespread data theft and operational disruption as a result. This incident has served as a stark reminder that digital ecosystems in healthcare are fragile and interconnected, with a breach in one component leading to cascading effects across the entire healthcare service network.  There is a growing concern in the healthcare sector that, as investigations continue and new details emerge, healthcare providers are still on high alert, coping with the aftermath of the attack as well as the imperative necessity of strengthening their defensive infrastructure in order to prevent similar intrusions in the future. As one of the most frequently targeted sectors of the economy by cybercriminals, healthcare continues to be one of the most highly sensitive data centres in the world.  It is important to note that even though industry leaders often fail to rank cybersecurity as one of their top challenges, Mike Fuhrman, CEO of Omega Systems, pointed out that despite this growing concern, there are already significant consequences resulting from insufficient cyber risk management, including putting patient safety at risk, disrupting care delivery, and making compliance with regulations even more difficult. Even though perceived priorities are not aligned with actual vulnerabilities, this misalignment poses an increasing and significant risk for the entire healthcare system.  Fuhrman stressed the necessity of improving visibility into security threats and organisational readiness, as well as increasing cybersecurity resources, to bridge this gap. As long as healthcare organisations fail to take proactive and comprehensive steps to ensure cyber resilience, they may continue to experience setbacks that are both detrimental to operational continuity as well as eroding public trust, as well as putting patient safety at risk.  As cybersecurity has become more and more important to the leadership, it has never been more important to elevate it from a back-office issue to an imperative. As a result of the growing number of cyberattacks targeting the healthcare sector in the past few years, the scale and frequency of these attacks have reached alarming levels. According to the Office for Civil Rights (OCR), the number of security breaches reported by the healthcare industry between 2018 and 2023 has increased by a staggering 239%. Over the same period, there was a 278% increase in ransomware incidents, which suggests that cybercriminals are increasingly looking for disruptive, extortion-based attacks against healthcare providers as a means of extorting money.  There is a likelihood that nearly 67% of healthcare organisations will have been attacked by ransomware at some point shortly, which indicates that such threats are no longer isolated events but rather a persistent and widespread threat. According to experts within the health care industry, one of the primary contributing factors to this vulnerability is the lack of preparedness at all levels. In fact, 37% of healthcare organisations do not have an incident response plan in place, leaving them dangerously vulnerable to ever-evolving cyberattacks.  Health care institutions are appealing to malicious actors because they manage a huge amount of valuable data. Cybercriminals and even nation-state threat actors are gaining an increasing level of interest in electronic health records (EHRs), which contain comprehensive information about patient health, financial health, and medical history. As a result of outdated cybersecurity protocols, legacy IT infrastructure, and operational pressures of high-stress environments, these records are frequently inadequately protected due to the likelihood that human error will occur more often. These factors together create an ideal storm for exploitation, making the healthcare industry a very vulnerable and frequently targeted industry in today's digital threat landscape. Despite the growing frequency and complexity of cyberattacks, healthcare organisations face a critical crossroads as 2025 unfolds. Patient safety, data security, and regulatory compliance all intersect at the same time, resulting in a crucial crossroads more than ever before. Enhancing cyber resilience has become a strategic priority and a fundamental requirement, not just a strategic priority.  Healthcare institutions must proactively adopt forward-looking security practices and technologies to secure sensitive patient data and ensure continuous care delivery. As a key trend influencing the healthcare cybersecurity landscape, zero-trust architectures are a growing trend that challenges traditional security models by requiring all users and devices to be verified before they are allowed access.  In a hyperconnected digital environment where cyber threats exploit even the most subtle of system weaknesses, a model such as this is becoming increasingly important. IoT devices are becoming increasingly popular, and many of them were not originally designed with cybersecurity in mind, so we must secure them as soon as possible. Providing robust protections for these devices will be crucial if we are to reduce the attack surfaces of these devices.  AI has been rapidly integrated into healthcare, and it has brought new benefits as well as new vulnerabilities to the healthcare sector. In order for organisations to meet emerging risks and ensure a responsible deployment, they must now develop AI-specific safety frameworks. Meanwhile, the challenge of dealing with technological sprawl, an increasingly fragmented IT environment with disparate security tools, calls for a more unified, centralised cybersecurity management approach. A good way to prepare for 2025 is to install core security measures like multi-factor authentication, strong firewalls, and data backups, as well as advanced measures like endpoint detection and response (EDR), segmentation of the network, and real-time AI threat monitoring. In addition to strengthening third-party risk management, it will also be imperative to adhere to global compliance standards like HIPAA and GDPR. There is only one way to protect both healthcare infrastructure and the lives that are dependent on it in this ever-evolving threat landscape, and that is by implementing a comprehensive, proactive, and adaptive cybersecurity strategy. Healthcare organisations must take proactive measures rather than reactive measures and adopt a forward-looking mindset so they can successfully navigate the increasing cybersecurity storm.  Embedding cybersecurity into healthcare operations' DNA is the path to ensuring patient safety, operational resilience, and institutional trust in healthcare organisations, not treating it as a standalone IT concern, but as a critical pillar of patient safety, operational resilience, and institutional trust in healthcare organisations. To achieve this, leadership must take the initiative to champion security from the boardroom level, integrate threat intelligence into strategic planning, and invest in people and technology that will be able to anticipate, detect, and neutralise emerging threats before they become a major issue. As part of the process of fostering cyber maturity, it is also essential to cultivate a culture of shared responsibility among all stakeholders, ranging from clinicians to administrative personnel to third-party vendors, who understand the importance of keeping data and systems secure.  Training on cybersecurity hygiene, cross-functional collaboration, and continuous vulnerability assessment must become standard operating procedures in the healthcare industry. As attackers become more sophisticated and bold, the costs of inaction do not stop at regulatory fines or reputational damage. Rather, inaction may mean interruptions of care, delays in treatments, and the risk to human life.  Only organisations that recognise cybersecurity as a strategic imperative will be in the best position to deliver uninterrupted, trustworthy, and secure care in an age when digital transformation is accelerating. This is a sector that is built on the pillars of trust, a sector that offers life-saving services, which does not allow for room for compromise. They have to act decisively, investing today in the defensive measures that will ensure the future of their industry.

Weak Links in Healthcare Infrastructure Fuel Cyberattacks #ALPHV #ChangeHealthcare #CyberAttacks

So, Massachusetts GIC is not going to pay anyone for 6+ weeks because they ran out of money, but hopefully, eventually they’ll be able to pay us?
How many medical businesses will go out of business? This is a 1-2 punch after the #ChangeHealthcare debacle.
#MedSky

One Year Later: #Cybersecurity Lessons From #ChangeHealthcare Breach

#generativeai #agenticai #digitaltransformation

www.forbes.com/councils/for...

From a local family practice: #unitedhealthcare #optum #changehealthcare #uhc #insurance #usahealthcare

This is what I got this morning when I tried to log into my (previous) #healthInsurance company's website (which uses #Optum's "Healthsafe ID" for authentication) after 9am to submit a claim from last month (before we switched to new insurance).
It's of […]

[Original post on federate.social]

UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach | TechCrunch The number of individuals confirmed to be affected by the data breach is almost double the company's previous estimate.

UnitedHealth has confirmed the ransomware attack on its Change Healthcare unit last February affected around 190 million people in America — nearly double previous estimates.

#ChangeHealthcare #UnitedHealth #healthcare #ransomware #malware #security #cybersecurity #infosec #hackers #hacking #hacked

UnitedHealth hid its Change Healthcare data breach notice for months | TechCrunch The ransomware attack on Change Healthcare affected over 100 million Americans, the health giant told regulators.

TechCrunch’s review of the breach notice’s web page source code reveals #ChangeHealthcare included “noindex” code, which tells search engines to ignore the web page

#UnitedHealth #ransomware #malware #healthcare #security #cybersecurity #infosec #hackers #hacking #hacked

Change Healthcare data breach exposed the private data of over half the U.S. The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected.

チェンジヘルスケアのデータ侵害により、米国の半数以上の個人データが流出

Change Healthcare data breach exposed the private data of over half the U.S. #SecurityAffairs (Jan 26)

#ChangeHealthcare #データ侵害 #個人情報流出 #ランサムウェア攻撃 #信用監視サービス

Here are 7 financial figures on the #ChangeHealthcare hack in 2024
$3.09B Total impact
$2.2B Direct response costs
$867M Business disruptions
$2.60: Total impact per share of UHG
1%: Decline in revenue - Optum Insight
$9.03M: Direct loans to affected healthcare providers
$4.5M Loans that were repaid

How a Large Healthcare Company Slashed Their Secrets Incidents by Half Learn how one of Europe's largest healthcare tech leaders transformed their Secrets Security with GitGuardian, cutting incidents by half without compromising developer productivity.

大手ヘルスケア企業が機密漏洩事件を半減させた方法

How a Large Healthcare Company Slashed Their Secrets Incidents by Half #SecurityBoulevard (Jan 16)

#ChangeHealthcare #ランサムウェア #セキュリティ強化 #多要素認証 #ネットワークセグメンテーション

New Health Cybersecurity Rule: What Docs Should Know A proposed federal rule would require hospitals and physicians’ groups to beef up health cybersecurity measures to protect patient privacy and prevent ransomware attacks. Some changes could be expensi...

Holiday drop from #HHS: proposed reg to enhance #privacy of electronic health information. What does it mean for physician offices? My story for @medscape.com

#Medsky #HIPAA #cybersecurity #ChangeHealthcare #databreach

These were the badly handled data breaches of 2024 | TechCrunch Blaming victims, months of silence, and suing security researchers all featured in cybersecurity in 2024.

These were the badly handled data breaches of 2024

#publicrelations #23andMe #ChangeHealthcare #UnitedHealth #Synnovis #Snowflake #Ohio #SaltTyphoon #AT&T #moneygram #HotTopic #securtiy #cybersecurity #hackers #hacking #hacked

CONSUMER FIRST ALERT: Viewers receive health care data breach letters You probably don’t know Change Healthcare, but you would know the doctors, insurance plans or health companies that are their clients.

Did you get a notice about the Change Healthcare data breach? Here are 6 things experts recommend you do next.

#ChangeHealthcare #DataBreachTips

Os Piores Mashs de 2024

#Cibersegurança #Mashing #Ransomware #Espionagem #VazamentosDeDados #Privacidade #Criptomoeda #ChangeHealthcare #Snowflake #Potatocrime

Os Piores Hacks de 2024 - Tecnocrata …

Os Piores Hacks de 2024

#Cibersegurança #Hacking #Ransomware #Espionagem #VazamentosDeDados #Privacidade #Criptomoeda #ChangeHealthcare #Snowflake #Cybercrime

CONSUMER FIRST ALERT: Viewers receive health care data breach letters You probably don’t know Change Healthcare, but you would know the doctors, insurance plans or health companies that are their clients.

Did you get a notice about the Change Healthcare data breach? Here are 6 things experts recommend you do next.

#ChangeHealthcare #DataBreachTips

Nebraska sues Change Healthcare over security failings that led to medical data breach of over 100 million Americans | TechCrunch New details emerged about the Change Healthcare ransomware attack in Nebraska's complaint.

Nebraska sues Change Healthcare over security failings that led to medical data breach of over 100 million Americans

#Nebraska #UnitedHealth #ChangeHealthcare #healthcare #insurance #legal #databreach #security #cybersecurity #infosec #hackers #hacking #hacked

Nebraska AG sues Change Healthcare, UnitedHealth for data theft after ransomware attack The 29-page filing alleges violations of Nebraska’s consumer protection and data security laws and says Change Healthcare — which is owned by UnitedHealth Group (UHG) — failed to implement proper…

ネブラスカ州司法長官、ランサムウェア攻撃後のデータ盗難でチェンジ・ヘルスケアとユナイテッドヘルスを提訴

Nebraska AG sues Change Healthcare, UnitedHealth for data theft after ransomware attack #TheRecord (Dec 18)

#ChangeHealthcare #ランサムウェア攻撃 #データ漏洩 #ネブラスカ州 #医療セキュリティ

#CHANGEHealthcare &#UnitedHealthcare have sat on this information since February of 2024 without notice to those affected. Oh, they are offering credit monitoring NOW, but they left us vulnerable for 10 MONTHS. Shame on them and the Doctors who knew sooner and said nothing to patients.

MSN

www.msn.com/en-us/news/c... Dont worry Luigi we all bangn wit u. #freeluigi #supportluigi #changehealthcare

Change Healthcare Data Breach Settlement Talks Due to Commence Attorneys for the plaintiffs and defendants are due to meet soon to discuss the possibility of a settlement to resolve the consolidated Change Healthcare The latest news and updates from the Change He...

Terrified to see how much this is going to cost #Optum and #UnitedHealthcare for the #ChangeHealthcare data breach. More than 100 million individuals involved. 😳

UnitedHealthcare executive fatally shot in Manhattan, reports say Brian Thompson, the CEO of UnitedHealth's insurance unit, was fatally shot in the chest on Wednesday morning outside the Hilton hotel in midtown Manhattan, the NY Post and Bloomberg reported, citing police sources.

I had written an op-ed about the data hack of #UnitedHealth owned #ChangeHealthcare last week. I am shocked by the fatal shooting of United Healthcare CEO Brian Thompson. www.reuters.com/world/us/uni...

United Healthcare’s CEO has been fatally shot this morning in NYC. Police are reporting this as a targeted attack - wonder if this is backlash from the Change Healthcare data breech? 🤔
#changehealthcare #unitedhealth #healthcare

Just got our first Change HealthCare data breach notification letter.

Wow what hot garbage. Poorly written, tortured read and devoid of specifics on what _real_ impact might be. Two more years of free credit monitoring, oh joy, now I’ve got 5 services active.

#dataBreach #changeHealthcare

A major healthcare billing and data system used by 1 in 3 Americans, was hit with a HUGE cyberattack. 100 Million #Americans had their personal info exposed!
Why? 🤔 Because a server was missing a basic security feature!
#changehealthcare #feb21breach #CyberSecurityAwareness

The #ChangeHealthcare #cyberattack affected 100 million people, making it the largest #Healthcare #DataBreach in the country. #cybersecurity