Sharp-eyed @zackwhittaker caught this one:
UnitedHealth hid its Change Healthcare data breach notice for months:
Let's make sure Zack's reporting gets indexed.
The state of Nebraska has sued the healthtech giant "Change Healthcare" over a series of alleged security failings that resulted in a historical data breach
exposing the sensitive health information of at least 100 million Americans.
In a complaint filed this week, Nebraska’s attorney general Mike Hilgers claims #UnitedHealth-owned Change Healthcare failed to implement proper security measures,
leading to what he describes as a “historic” data breach in terms of impact and magnitude.
This comes after it was revealed in October that more than 100 million Americans had their sensitive medical data stolen during a February ransomware attack on Change Healthcare.
This data included personal information such as addresses and phone numbers, health data including diagnoses, medications, treatment plans, and financial and banking data.
Change Healthcare continues to notify affected individuals about the data breach,
and the final number is expected to be higher than 100 million.
Hilgers said in his complaint that Change Healthcare’s
“failures to implement basic security protections”
exacerbated the extent of the cyberattack,
which was attributed to the Russian-speaking #ALPHV #ransomware gang.
The complaint alleges that the healthtech giant had poorly segmented IT systems
that allowed the hackers to travel freely between servers,
and that Change Healthcare had failed to implement multi-factor authentication on its systems,
which meant they could be accessed with just a username and password.
https://techcrunch.com/2024/12/18/nebraska-sues-change-healthcare-over-security-failings-that-led-to-medical-data-breach-of-over-100-million-americans/
US-Zahlungsdienstleister: Krankendaten von 100 Millionen Menschen gestohlen | Security https://www.heise.de/news/Change-Healthcare-Groesstes-Datenleck-im-US-Gesundheitswesen-9998090.html #DigitalHealth #Digitalisierung #digitalization #AlphV #BlackCat #Ransomware #Malware #ChangeHealthcare #UnitedHealth #UnitedHealthGroup #Datenschutz #privacy #DataLeak #Datenleck #DataBreach
Change Healthcare Breach Hits 100M Americans - Change Healthcare says it has notified approximately 100 million Americans that th... https://krebsonsecurity.com/2024/10/change-healthcare-breach-hits-100m-americans/ #u.s.departmentofhealthandhumanresources #unitedhealthgroup #latestwarnings #thecomingstorm #sen.markwarner #databreaches #hipaajournal #sen.ronwyden #antheminc. #transunion #ransomhub #blackcat #experian #equifax #alphv #idx
Change Healthcare Breach Hits 100M Americans
https://krebsonsecurity.com/2024/10/change-healthcare-breach-hits-100m-americans/
#U.S.DepartmentofHealthandHumanResources #UnitedHealthGroup #LatestWarnings #TheComingStorm #Sen.MarkWarner #DataBreaches #HIPAAJournal #Sen.RonWyden #AnthemInc. #TransUnion #RansomHub #BlackCat #Experian #Equifax #ALPHV #IDX
#UnitedHealth says #ChangeHealthcare hack affects over 100 million, the largest-ever US #healthcare data #breach
In May, CEO Andrew Witty warned during a congressional hearing that "maybe a third" of all American's health data was exposed in the attack.
Today, US Health and Human Services Office for Civil Rights data breach portal updated total number of impacted people to 100M.
#UHG attributed cyberattack to #ALPHV/#BlackCat, #Russia-based #ransomware and extortion gang
https://techcrunch.com/2024/10/24/unitedhealth-change-healthcare-hacked-millions-health-records-ransomware/
UnitedHealth says data of 100M stolen in Change Healthcare hack
https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-hack/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #ALPHV #BlackCat #Change_Healthcare #Data_Breach #Healthcare #Personal_Information #UnitedHealth_Group #virus_removal #malware_removal #computer_help #technical_support
Cicada3301 Ransomware Group Emerges Linked to ALPHV/BlackCat and Brutus Botnet - https://www.redpacketsecurity.com/cicada3301-ransomware-group-emerges-from-the-ashes-of-alphv/
According to a CISA and FBI advisory, Iranian hackers are partnering with ransomware gangs like #ALPHV and others to target the US, UAE, and Israel, and are selling network access to cybercriminals.
#CyberSecurity #Iran #Ransomware #CyberAttack https://hackread.com/iranian-state-hackers-ransomware-gangs-us-attacks/
No honour among ransomware thieves: affiliates' trust craters
Law enforcement action and exit scams have damaged the big gangs' brands
https://www.computing.co.uk/news/4349590/honour-ransomware-thieves-affiliates-trust-craters
Change Healthcare submitted a breach notification to #HHS on July 19. They report the number of patients affected as "500" (a marker for "We have no friggin' idea how many and we'll get back to you at some date before the end of civilization maybe.").
They didn't comply with the "no later than 60 calendar days" requirement and I'm not sure what good a "500" report does anyone.
UnitedHealth CEO admits it paid $22 million ransom to BlackCat
UnitedHealth paid a multimillion-dollar ransom to hackers who broke into one of its subsidiaries, disrupting healthcare providers across the country for months the CEO confirmed
#UnitedHealth #AlphV #BlackCat #ChangeHealthcare #Optum #malware #ransomware #security #cybersecurity #hackers #Hacking #Hacked
https://www.theverge.com/2024/5/1/24146693/unitedhealth-22-million-ransom-ransomware-hack-blackcat
#UnitedHealth says #ChangeHealthcare hackers stole health data on ‘substantial proportion of people in America’
The health tech giant handles health data for about half of all #Americans
The admission that hackers stole Americans’ health data comes a week after a new hacking group began publishing portions of the stolen data in an effort to extort a second #ransom demand from the company. After paying $22 million to a Russia-based criminal gang called #ALPHV in March.
https://techcrunch.com/2024/04/22/unitedhealth-change-healthcare-hackers-substantial-proportion-americans/?guccounter=1
Change Healthcare Case: RansomHub – “AlphV has no data. We still expect that the UH company can buy this data”
https://www.suspectfile.com/change-healthcare-case-ransomhub-alphv-has-no-data-we-still-expect-that-the-uh-company-can-buy-this-data/
Onapsis and Flashpoint produced a 29 report on the cyber threat landscape for SAP applications over the past 4 years. SAP is the world's largest provider of enterprise application software. The report highlights the material risk of SAP ransomware attacks and the growing maturity of cybercriminal capabilities. Their appendices at the bottom list known SAP vulnerabilities (if they're on CISA's Known Exploited Vulnerabilities (KEV) Catalog), as well as MITRE ATT&CK techniques associated with SAP exploitation, and threat actors (financially motivated and ransomware groups) targeting SAP-using organizations. 
(PDF) https://go.onapsis.com/threat-report/ch4tter
The Food and Agriculture-Information Sharing and Analysis Center released its first ransowmare report today.
There were at least 167 ransomware attacks on the industry last year, with most from #LockBit and #AlphV
https://therecord.media/food-and-agriculture-hit-with-ransomware-attacks
#Ransomware: US-Gesundheitsplattform soll nach #AlphV-Betrug doppelt zahlen | Security https://www.heise.de/news/Ransomware-US-Gesundheitsplattform-soll-nach-AlphV-Betrug-doppelt-zahlen-9678433.html #Malware
Data supposedly stolen during the #ransomware attack on Change Healthcare will supposedly be leaked on #RansomHub's site unless Change pays for a supposedly second time because #Alphv supposedly scammed the affiliate responsible for the attack.
Hacker News 
️
