Hackers were inside Change Healthcare’s systems 9 days before attack

Cybercriminals who broke into Change Healthcare’s systems and held data for ransom on the dark web likely had access to the company’s network for more than a week prior to any attack. 

According to coverage from the Washington Post, the hackers had access to Change Healthcare’s systems as early as Feb. 12, nine days before the Feb. 21 ransomware incident took place. Citing “a person familiar with the cyber investigation,” the group was reportedly able to use stolen credentials on a remote access application that gives employees entry into Change Healthcare’s network. 

Regardless of how it happened, the data breach disrupted insurance payments across the country, with ripple effects that still persist over two months later. 

Despite paying a $22 million ransom, data stolen from the hack ended up on the dark web when Change Healthcare and parent company UnitedHealth Group failed to pay a second ransom. More concerning, the criminals claimed to have names, addresses, contact information, insurance information and detailed medical histories on nearly every American—all of which are now for sale on the dark web.

In a statement released earlier this week, UnitedHealth seemed to confirm the hackers’ claims, writing that the data taken contained personal health information from “a substantial proportion of people in America,” including high-profile individuals such as politicians and active duty military. However, the company said it has “not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data,” adding that it will take months to identify and notify everyone whose data was compromised.

Damage is still being done

It’s not yet clear what cybercrime cell is responsible for the data breach, as multiple groups have taken credit. However, RansomHub is the group posting data from the hack onto the dark web. The data trove, now advertised as for sale, is said to contain “thousands of source code files from Change Healthcare solutions”—meaning, the roadmap for another breach may be online along with your protected health information. 

In a recent call with investors, UnitedHealth said the Change Healthcare breach has already cost the company $872 million in losses, and that number is expected to reach $1.6 billion before this saga comes to a close. 

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”