Melissa Newton Smith’s Post

INTERNET, IT & E-DISCOVERY BLOG: Healthcare breach at UT Southwestern! https://lnkd.in/gfyTknjx https://lnkd.in/gqFg2B_j SCMagazine.com reported that “Dallas-based UT Southwestern Medical Center had data from almost 2,100 individuals compromised following a data breach, The Dallas Morning News reports.” The March 12, 2024 report entitled “UT Southwestern breach hits over 2K patients” (https://lnkd.in/gdRjfhHi) included these comments a UT Southwestern spokesperson: We are assessing the data to prepare notifications to those impacted in accordance with federal regulations. The incident involved internal use of unapproved software and did not involve a cyberattack or external exposure of data,… And these comments: Threat actors were able to access patients' medical and health insurance details, as well as their birthdates and addresses, noted UT Southwestern in a filing with the Office of the Texas Attorney General, which also noted upcoming notifications to affected individuals. Such a breach comes months after UT Southwestern disclosed being among the more than 2,700 organizations impacted by the widespread MOVEit hack conducted by the Cl0p ransomware operation. The development also follows an IBM study noting mounting data breach costs, especially in the healthcare sector, which logged an over 50% increase in average breach spending since 2020 to $11 million last year. Unfortunately Healthcare is a large target! #cyber #healthcare

Cyberattack on UnitedHealth’s Change Healthcare Disrupts U.S. Healthcare for Seventh Day! The healthcare sector is grappling with a cyberattack on UnitedHealth’s Change Healthcare, now in its seventh day, causing significant disruptions. The attack has affected over 90% of the nation’s pharmacies, forcing them to deploy electronic workarounds for payment and revenue cycle management. UnitedHealth discovered the breach, suspected to be a nation-state-associated threat, last week. The company immediately isolated and disconnected the impacted systems. Change Healthcare, which merged with Optum in 2022, is crucial for processing claims and managing payments for more than 100 million patients in the U.S. The fallout has not yet impacted provider cash flows, as payments are typically issued one to two weeks after processing. However, the disruption highlights the vulnerability of the healthcare sector to cyberattacks. In 2023, a record 725 large healthcare security breaches were reported, underscoring the attractiveness of health data to cybercriminals. CVS Health and Walgreens have reported that their operations have been affected, with difficulties in processing insurance claims and filling prescriptions. The breach underscores the need for senior healthcare leaders to dedicate resources to cybersecurity and foster a culture where everyone is part of the cybersecurity team. This incident is a stark reminder of the importance of cybersecurity in the healthcare industry. It’s not just an attack on Change Healthcare, but an attack on the entire sector. As we move forward, it’s crucial for organizations to strengthen their defenses and for individuals to take steps to protect their personal data. #Cybersecurity #Healthcare #DataBreach #UnitedHealth #ChangeHealthcare #PharmacyDisruption #CyberAttack

The ransomware attack on UnitedHealth’s Change Healthcare subsidiary last month not only brought to light how attractive the data-rich U.S. health-care industry is to hackers and how devastating the consequences for patients and doctors, but also how sophisticated cyber criminals are becoming when targeting vulnerable sectors. The breach, which took place more than three weeks ago, prompted the U.S. Department of Health and Human Services this week to launch an investigation into UnitedHealth. In a statement, the HHS Office for Civil Rights said it’s investigating the cyberattack due to its “unprecedented magnitude.” Change Healthcare is the largest clearinghouse for insurance billing and payments in the U.S. Since the February 21 attack, the thousands of doctors, hospitals and other health providers that depend on Change Healthcare for billing reimbursements have not been paid as the company works to bring its systems back online. UnitedHealth told CNBC in a statement that it will cooperate with the investigation from the OCR. “Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted,” the company said. “We are working with law enforcement to investigate the extent of impacted data.” The breach, no doubt, is a nightmare for health providers who claim they are running out of cash to run their practices as they wait for Change Healthcare payments, as well as for consumers who are seeing delays in getting prescriptions filled or procedures approved. But it also underscores a much bigger problem: the vulnerability of the entire U.S. health-care sector. https://lnkd.in/dATFvazA #uhc #clearinghouse #cybersecurity #ransomware #ransomwareprotection #healthcare #healthcareinnovations #healthcaretechnology #healthcareprofessionals #healthcareproviders #healthcaresystems #doctors #healthinsurance #technology #innovation #patientdata #patients #hospitals #cybercrime

Massive Data Breach at UnitedHealth Affects “Substantial Proportion of People in America” The UnitedHealth cyber breach saga seemingly keeps getting worse. If you recall, UnitedHealth Group disclosed that a #ransomware #attack targeting its subsidiary, Change Healthcare, led to the theft of private healthcare data concerning a significant number of Americans. While specific figures on the number of individuals affected were not disclosed, the company indicated that the stolen data could potentially impact a vast swath of the U.S. population. Change Healthcare, a key player in the health tech sector, processes insurance and billing information for numerous healthcare providers nationwide, thereby accessing extensive health data on roughly half of all Americans. Based on initial targeted data sampling to date, the company has found files containing protected health information (#PHI) or personally identifiable information (#PII), which could cover a substantial proportion of people in America. To date, the company has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data. The breach was first brought to light when a new hacking group, known as #RansomHub, began to publish parts of the stolen data online in an attempt to extract a secondary ransom from UnitedHealth. Despite prior payments totaling $22 million to another group, #ALPHV, for an earlier breach, UnitedHealth confirmed they again conceded to a ransom demand to safeguard patient data from further exposure. The ongoing situation underscores the severity of the breach, which not only compromised patient information but also significantly disrupted healthcare services across the country, resulting in substantial financial losses for UnitedHealth. UnitedHealth's handling of the incident has come under scrutiny as the healthcare system continues to grapple with the aftermath of the attack. With disruptions causing widespread outages in pharmacies and hospitals, the attack has had far-reaching implications for patient care and financial stability within the sector. As the company works through the extensive data review process, which is expected to take several months, the broader implications for healthcare data security and ransomware attacks on critical infrastructure are becoming starkly apparent. #cyberattacks #healthcare #ransomware #threatactors

The theft of valuable protected health information (PHI) is a growing concern. Over half of healthcare CFOs (51%) say privacy breaches are a bigger risk in 2024 compared to 2023, according to BDO’s 2024 Healthcare CFO Outlook Survey. Cybercriminals exploit patient information and the repercussions from a cyberattack can be severe. Click on the link below to learn more and ask me how I can help! https://lnkd.in/eSyD5iWi

Answering 7 Key Questions About Change Healthcare’s Cyberattack – MedCity News - MedCity News #Cyberattack on Change Healthcare Change Healthcare recently experienced a cyberattack that affected its systems and services. Here are 7 key questions answered about the incident: #1: What Happened? Change Healthcare was targeted by a hacker who gained unauthorized access to their systems. #2: When Did the Cyberattack Occur? The cyberattack occurred recently, but the exact date has not been disclosed. #3: What Data Was Compromised? It is unclear what specific data was compromised during the cyberattack. #4: How Did Change Healthcare Respond? Change Healthcare immediately took action to investigate and contain the cyberattack. #5: What Impact Did the Cyberattack Have? The cyberattack caused disruptions to Change Healthcare's systems and services. ai.mediformatica.com #healthcare #providers #change #changehealthcare #government #cyberattack #news #medcity #cybersecurity #optum #payments #ransomware #digitalhealth #healthit #healthtech #healthcaretechnology @MediFormatica (https://buff.ly/3PcJRGK)

⚠ Geisinger Faces Data Security Breach ⚠ : Patient Info at Risk [#DataBreach #HealthcareSecurity] Geisinger, a prominent healthcare provider, recently disclosed a data security incident exposing patients' personal and medical information. The breach occurred between May 24 and June 2, 2024, affecting an undisclosed number of patients. Compromised data includes names, addresses, dates of birth, medical record numbers, insurance details, and limited clinical information. 🔍Key Actions Taken: - Notification of impacted patients - Complimentary identity protection services offered - Enhancement of security protocols Navigating the Aftermath: How does this incident shift your perspective on data security within healthcare? What measures do you believe are essential to fortify digital defenses against such breaches? Let's collaborate in the comments below. Sharing insights and strategies can empower us to better protect sensitive patient information in an increasingly digital healthcare landscape. #CyberSecurity #InfoSec #PatientDataProtection #DigitalHealth #HealthcareIT Read more about the incident and Geisinger's response: https://lnkd.in/g7inA_3f

On February 21, cyber criminals accessed Change Healthcare’s computer systems, encrypted vital IT data, and claimed to have stolen six terabytes of sensitive information, including personally identifiable information and medical records. In response to the attack, Change Healthcare disconnected its systems – paralyzing hospital and pharmacy systems, claims approvals, and billing and payment systems across the country. It was arguably the most significant cybersecurity disruption to healthcare in U.S. history. UnitedHealth Group, Change Healthcare’s parent company, paid a $22 million ransom to the cyber criminals to reduce the risk of the stolen medical data being publicly disclosed – and an additional $3.3 billion to affected providers. These losses don’t include the forensic, incident, and legal costs needed to respond to the attack. In its 2024 first-quarter report, UnitedHealth Group reported a loss of $872 million in “unfavorable cyberattack effects.” Don't Forget About ERISA in Your Health Plan’s Cybersecurity Efforts: Important Reminders for Plan Fiduciaries in the Wake of Healthcare Cyberattack. Jenny Kiesewetter attorney at Fisher Phillips provides those reminders here: https://lnkd.in/eaR_kzXh #erisa #fiduciary #fiduciaryduty #cyberattack #cubersecurity

Did you know that healthcare data breaches can affect millions? A staggering 9 million patients were impacted by a recent healthcare data breach. It highlights the critical need for enhanced data security in the healthcare sector. Protecting patient information is not just about compliance; it’s about trust. In an era where data is gold, how can healthcare providers strengthen their defenses against such breaches? #HealthcareSecurity #DataBreach #PatientTrust #ExpertlyManagedIT #ITSupport https://lnkd.in/eGGZQ8HX

Whoa. A huge story you might have missed: "Change Healthcare is experiencing a cyber security issue.' The attack led to a nationwide outage of a network designed to communicate data between healthcare providers and insurance companies. - "On February 21, 2024, UnitedHealth Group identified a suspected nation-state associated cybersecurity threat actor had gained access to some of the Change Healthcare information technology systems," - Change processes 15 billion healthcare transactions each year, and its "clinical connectivity solutions" touch a third of U.S. patients. - The American Hospital Association is recommending that its members consider disconnecting from Optum's services until ...resolved. - Pharmacies across the United States are still grappling with substantial disruptions ... as reported by multiple pharmacy chains. Get updates on the AHA Website: https://lnkd.in/gFAHjJFp #cyberawareness #healthcarecompliance #databreach #healthcaredata