Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew

Change Healthcare is formally notifying some of its pharmacy and hospital customers that their patients' data was stolen from it by ransomware criminals back in February - and for the first time has concretely disclosed the types of information swiped during that IT intrusion.

In a Thursday notice, the healthcare giant said it's still "working through data to identify affected individuals."

This could take some time. Back in April, Change's parent UnitedHealth warned the stolen files "could cover a substantial proportion of people in America," a nation of more than 330 million.

Change provides software and services to manage people's prescription payments and medical claims, among other things, to pharmacies, hospitals, and insurance companies across the United States. Now it's saying that since Thursday, it has been warning those customers that their own customers have had their sensitive info fall into the wrong hands, the hands of ransomware extortionists who raided Change's systems for precious data.

Once the embattled tech biz finishes assessing who exactly was affected, it will mail written letters to affected individuals, we're told, though it also noted "we may not have sufficient addresses for all." This process should begin in late July, we're told.

Also in this week's update Change has, for the first time that we can tell, provided specific details about what types of records may have been exfiltrated by the thieves. This includes first and last names, dates of birth, phone numbers, email addresses, and the following:

Change maintained it has "not yet seen full medical histories appear in the data review."

Meanwhile, the corporation - and much of the American healthcare industry - continues the very slow recovery process from the ransomware cyberattack, which began on February 12 when ALPHV affiliates used stolen credentials to break in. We understand the crooks used those creds to remotely access a Citrix-based management portal that didn't have multi-factor authentication enabled, and continued into the corporation from there.

The criminals encrypted Change's IT systems about a week later, preventing patients from getting prescriptions filled and using medical services as expected under their health insurance plans. And it took nearly a month to bring the electronic prescription processing back online.

As of April, Change's costs associated with the attack were nearing $1 billion, and later that month UnitedHealth CEO Andrew Witty confirmed to US senators that his company had paid $22 million to the extortionists to ostensibly keep a lid on the stolen data.

Earlier this month, the Feds started shutting down financial support to healthcare providers that had faced cash-flow issues because of the ransomware infection.

Meanwhile, the healthcare sector remains a prime target for ransomware and other destructive cyberattacks.

In early June, ransomware gang Qilin crippled services across hospitals in the UK capital after attacking pathology services provider Synnovis. On Friday the Russian crew began leaking patient data stolen during that raid.

In an interview with The Register a member of Qilin told us they were intent on causing havoc in the attack. ®

Search
About Us
Website HardCracked provides softwares, patches, cracks and keygens. If you have software or keygens to share, feel free to submit it to us here. Also you may contact us if you have software that needs to be removed from our website. Thanks for use our service!
IT News
Jul 12
Google can totally explain why Chromium browsers quietly tell only its websites about your CPU, GPU usage

OK, now tell us why this isn't an EU DMA violation - asking for a friend in Brussels

Jul 12
SAP's bid to woo open source community meets muted response

German software giant says open source is a 'catalyst for innovation' but is unlikely to release proprietary code

Jul 12
Stop installing that software - you may have just died

On Call They're called role-playing games for a reason ...

Jul 11
Former Autonomy CFO banned from chartered accounting group until 2038

Sushovan Hussain's failure in 2020 to appeal his 2018 fraud conviction in the US means he won't be a member of ICAEW for 20 years

Jul 11
AMD buys developer Silo AI in bid to match Nvidia's product range

First it comes for market leader's GPUs ... now it's nibbling at software

Jul 11
Firefox 128 bumps system requirements for old boxes

Get comfortable, it'll be here for a while