Sam Mackenzie’s Post

In a twist that seems straight out of a cyber thriller, UnitedHealth Group (UHG) is rumored to have paid a $22 million ransom to the ALPHV/BlackCat ransomware gang, according to dark web chatter. This saga unfolded after a disgruntled affiliate leaked details of the ransom payment, alleging that they were denied their share by ALPHV. Despite the payment, it's claimed that around 4TB of sensitive data remains in the hackers' possession. This incident highlights the complex underworld of ransomware-as-a-service (RaaS) operations, where betrayals and double-crossings seem as common as the cyberattacks themselves. ALPHV, a notorious name in the cybercriminal community, has been accused of scamming its own affiliates, showcasing the risky alliances formed in these digital shadows. For the healthcare sector, and particularly for UHG and Change Healthcare, this episode is a stark reminder of the vulnerabilities and potential consequences of cyberattacks. The impact of such breaches extends far beyond financial losses, affecting healthcare providers and patients across the country. As this story continues to unfold, it underscores the critical need for robust cybersecurity measures and the dangers of negotiating with cybercriminals. #cybersecurity #ransomware #healthcaresecurity #ALPHV #cybercrime #securitymeasures #healthcaresector #cyberbreach #sensitivedata

The cost of ransomware attack is not just the ransom. UnitedHealth and its subsidiaries attack is a very good example. They allegedly paid a $22 million ransom…and then announce the following in their earnings call: « […] Of the $870 million, about $595 million were direct costs due to the clearinghouse platform restoration and other response efforts, including medical expenses directly relating to the temporary suspension of some care management activities. For the full year, we estimate these direct costs at $1 billion to $1.15 billion. […]» and that’s not even mentioning additional cost like loss revenue and other. knowing that the data exfiltrated is still in the hands of the threat groups and being leaked online. So there is potentially more to come. The holistic and far reaching impact of the situation has to be taken into consideration when doing scenario planning and the compounding effect can not be neglected. #ransomware #cybersecurity #impact #resiliency #cyber https://lnkd.in/d7mbBF-N

Complex healthcare relationships require diligent oversight when engaging with a partner - Know Your Partner. Reviewing technical controls in a complex relationship is essential to protect sensitive customer data from unauthorized access and breaches. It acts as a defensive barrier, preserving the integrity and confidentiality of patient information, which is fundamental in upholding the standards of modern healthcare practices. #cybersecurity #healthcaretechnology #relationships #cvshealth #walgreens #unitedhealth

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack For those who ever thought paying the ransom would actually secure your data and protect your company, or that paying a ransom meant once and done, this is a great example of the truth behind ransomware attacks: -1) paying money to the ransomware actors in no way assures that they delete the data, or don’t share with others (in fact, as I have often said in speeches, it should pretty much be assumed that the data is going to remain with someone, and end up being used again no matter what - whether that's by another criminal organization, to target the individuals named on the dataset, or by another group interested in capitalizing on the data); and - 2) there is a significant likelihood that paying a ransom once will lead to a second attack/ransom demand (some articles have put this risk at over 60%). #ransomware #changehealthcare #CFAA #cybercrime #HIPAA https://lnkd.in/eXuxcPHf

Argh, ugh, drat! So I'm just finishing up my deck for a presentation next week on the Change Healthcare breach by BlackCat and while looking for some screenshots of the ransomware note what do I find? A second attack being discussed by another ransomware gang: #cybersecurity #healthcare #breach #changehealthcare #ransomware #extortion #yetagain https://lnkd.in/eaM9WC6W

The healthcare industry is facing another cyber attack by RansomHub, which claims to have stolen 4TB of patient and military personnel data. They're demanding a ransom to avoid selling it. This incident highlights the need for strong cybersecurity measures. Protect sensitive patient data! #healthcare #ransomware #ChangeHealthcare #cybersecurity #CarefulSecurity

📣 Change Healthcare extorted by second ransomware group weeks after first 📣 Change Healthcare has been targeted by a second ransomware gang after an ALPHV attack a few weeks ago, with RansomHub claiming to have 4 TB of sensitive data. ℹ️ The attackers demand a ransom within 12 days to prevent the sale of the stolen data, which includes PII and medical records. Change Healthcare allegedly paid ALPHV a $22 million ransom, but this has not been officially confirmed. 👉 The situation raises questions about the effectiveness of paying ransoms and the potential for re-targeting by cybercriminals. #cybersecurity #news #ransomware #cybercrime #healthcare

😬 It's been a rough year for Change Healthcare, with the company falling victim to a second ransomware attack in the space of two months. 💀 In February, the company confirmed it had suffered a major breach orchestrated by the notorious ALPHV/BlackCat threat collective. 🔓 With this latest incident, a relatively new threat actor known as RansomHub claims to have 4TB of sensitive data stolen from the organization's network, and has threatened to publish the information unless they receive a ransom payment. ❓ But all isn't quite as it seems, according to ITPro's Solomon Klappholz. ♻️ The group behind this latest attack claims the stolen data is the same as that exfiltrated in February. Some experts have suggested the group is just a rebranded version of the ALPHV group, in an attempt to intimidate the healthcare company into paying up for a second time. 💬 According to RansomHub, ALPHV performed an ‘exit scam’, meaning the group absconded with the funds before compensating all of the affiliates involved in the attack - this latest attack could be an attempt by affiliates to recoup losses. 👀 Read more here 👀 #ChangeHealthcare | #Ransomware | #CyberSecurity | #InfoSec

This is a great article by Riaz Lakhani. I second the opinion that ransomware payments should be banned. Instead start imposing fines for data breaches equivalent to the number of users impacted and the kind of data lost. Say $X for SSN, $Y for email, $Z for address, $A for healthcare information, $B for credit card information and so on. https://lnkd.in/ge8vtU6j #changehealthcareattack #ransomware #cybersecurity #cyberattack

This article is a must read to everyone still depicting in his mind a ransomware attack like an attack ‘encrypting data’ As on e very good report i reposted week ago demonstrated, the ransomware attack is about EXFILTRATING data and ‘once the genie is out of the bottle there’s no way to put it back in’ Even when the ransom is paid, cybercriminals will retain stolen data whch will be either sold or used first further extortion There’s no justification anymore for healthcare providers not to implement a resilient Data Loss Prevention strategy so that PIIs of their clients are protected or, after the ransom, they will face the risk of paying also compensations and fines. The technology is there: weaponization of critical infrastructure and attackers using guerrilla tactics demands military grade security infodas connect more. Be secure #PII #crossdomainsolitions #ransomware #weaponization