
8 critical lessons from the Change Healthcare ransomware catastrophe

Healthcare increasingly under attack

Such secondary scams are becoming increasingly commonplace and healthcare providers are particularly at risk, according to compliance experts.

Victoria Hordern, a partner at international law firm Taylor Wessing’s technology, IP, and information team, told CSOonline: “A health data leak is a tantalizing prospect for a cybercriminal intending to carry out a ransomware attack since they know that a healthcare body will be paralyzed if it can’t access data to provide patient care.”

Hordern continued: “Where there is a multiplication of systems and a variety of different parties involved (i.e. patients, healthcare providers, tech support), there are also more points of weakness and vulnerability where bad actors can seek to gain entry into and control systems.”

The US Department of Health and Human Services (HHS) is investigating whether a breach of protected health information occurred, as part of assessing whether either UHG or Change Healthcare violated strict healthcare sector privacy regulations.

This investigation remains ongoing.

The Change Healthcare attack has coincided with a number of attacks on healthcare companies of late, including Ascension, London Drugs, Cencora, and Synnovis.

Ransomware as vibrant as ever

ALPHV’s apparent exit scam and the emergence of RansomHub have done little to change the fundamental drivers in the lucrative ransomware-as-a-service (RaaS) market, according to experts.

Hannah Baumgaertner, head of research at Silobreaker, said: “ALPHV’s exit scam took place around the same time as the law enforcement action that took down LockBit, resulting in the two most-active ransomware-as-a-service groups no longer being operational.”

Baumgaertner warned: “While one might expect this to mean fewer ransomware attacks will occur, this has not been the case.”

Due to the nature of RaaS operations, any affiliates that previously worked with ALPHV will only have gone on to find a new operation to work with. Meanwhile, the principal players behind ALPHV will likely work on a new project under a different name, according to Baumgaertner.

There has been more than a threefold (264%) increase in ransomware attacks over the past five years, according to the HHS. Meanwhile, ransomware now tops the list of CISOs’ biggest perceived threats, according to Proofpoint’s recent Voice of the CISO survey.

CSOonline invited UHG to comment on lessons it has learned from its investigation into the Change Healthcare ransomware attack. We’re yet to hear back but will update this story as soon as more information comes to hand.
