Health care is under attack
Such secondary scams are becoming more common and healthcare providers are particularly vulnerable, according to compliance experts.
Victoria Hoordern, a partner in international law firm Taylor Wessing’s technology, IP, and information practice team, told CSOonline: “A health data breach is an exciting opportunity for a hacker aiming for a ransomware attack as we know a healthcare organization will be. is handicapped if it cannot access data to provide patient care.”
Hordern continued: “When there is a multiplicity of systems and different entities involved (ie patients, healthcare providers, technical support), there are also many points of weakness and vulnerability where bad actors can seek to enter and control systems. .”
The US Department of Health and Human Services (HHS) is investigating whether there is a breach of protected health information in an investigation into whether UHG or Change Healthcare violated the health care industry’s strict privacy laws.
This investigation is still ongoing.
The attack on Change Healthcare coincided with many recent attacks on healthcare companies, including Ascension, London Drugs, Cencora, and Synnovis.
Ransomware is as powerful as ever
The apparent ALPHV scam and the emergence of RansomHub have done little to change the key drivers of the lucrative ransomware-as-a-service (RaaS) market, according to experts.
Hannah Baumgaertner, head of research at Silobreaker, said: “The ALPHV leak occurred at the same time as the legal action that took down LockBit, which resulted in two of the most active ransomware-as-a-service groups going out of business. .”
Baumgaertner warned: “While one might expect this to mean a decrease in ransomware attacks, this has not been the case.”
Due to the nature of RaaS operations, any previous affiliates that have worked with ALPHV will have moved on to find new work to work with. Meanwhile the main players behind ALPHV will probably work on a new project under a different name, according to Baumgaertner.
There has been a three-fold increase (264%) in ransomware attacks over the past five years, according to HSS. Meanwhile, ransomware now tops the list of the biggest threats CISOs see, according to Proofpoint’s latest Voice of the CISO survey.
CSOonline invited UHG to comment on lessons learned from its investigation into the Change Healthcare ransomware attack. We’re yet to hear, but we’ll update this story as soon as more information becomes available.
Source link