Article 6NJ48 Security Lessons from the Change Healthcare Ransomware Catastrophe

Security Lessons from the Change Healthcare Ransomware Catastrophe

by
EditorDavid
from Slashdot on (#6NJ48)
The $22 million paid by Change Healthcare's parent company to unlock its systems "may have emboldened bad actors to further target the vulnerable industry," writes Axios:There were 44 attacks against the health care sector in April, the most that [cybersecurity firm] Recorded Future has seen in the four years it's been collecting data. It was also the second-largest month-over-month jump, after 30 ransomware attacks were recorded in March. There were 32 attacks in February and May. But an analysis by the security-focused magazine CSO says the "disastrous" incident also "starkly illustrated the fragility of the healthcare sector, prompting calls for regulatory action."In response to the attack, US politicians have called for mandated baseline cybersecurity standards in the health sector, as well as better information sharing. They have also raised concerns that industry consolidation is increasing cyber risk. So what went wrong? The attackers used a set of stolen credentials to remotely access the company's systems. But the article also notes Change Healthcare's systems "suffered from a lack of segmentation, which enables easy lateral movement of the attack" - and that the company's acquisition may have played a role:Mergers and acquisitions create new cyber threats because they involve the integration of systems, data, and processes from different organizations, each with its own security protocols and potential vulnerabilities. "During this transition, cybercriminals can exploit discrepancies in security measures, gaps in IT governance, and the increased complexity of managing merged IT environments," Aron Brand, CTO of CTERA told CSOonline. "Additionally, the heightened sharing of sensitive information between parties provides more opportunities for data breaches." And "In the end, paying the ransom failed to protect UHG from secondary attempts at extortion."In April, cybercriminals from the RansomHub group threatened to leak portions of 6TB of sensitive data stolen from the breach of Change Healthcare, and obtained through Nichy, according to an analysis by security vendor Forescout. An estimated one in three Americans had their sensitive data exposed as a result of the attack. Such secondary scams are becoming increasingly commonplace and healthcare providers are particularly at risk, according to compliance experts... The US Department of Health and Human Services (HHS) is investigating whether a breach of protected health information occurred in assessing whether either UHG or Change Healthcare violated strict healthcare sector privacy regulations. Thanks to Slashdot reader snydeq for sharing the article.

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments