Hospitals Hacked: Urgent Care Needed

May 23, 2024

In recent research by Veriti, a significant cyber security breach at Change Healthcare highlighted severe vulnerabilities in healthcare data security, affecting over 1.35 million files. This breach involved multiple healthcare and insurance providers, exposing sensitive data like medical records and personal identifiers, leading to far-reaching implications. The study aims to underscore the critical need for proactive and safe remediation across interconnected healthcare networks.

Example for sensitive data that was stolen:

Searching for the exposed vein: how the attackers started

In the recent attack on Change Healthcare, part of UnitedHealth Group, the ransomware group BlackCat, also known as AlphV, exploited crucial data exchange processes between healthcare providers and insurers. This breach led to the exposure of a vast array of sensitive information including medical records, financial details, and personal identifiers like Social Security numbers. The implications of such a breach are profound, affecting countless individuals and organizations connected within the healthcare ecosystem. 

Spreading like cancer: the impact of the breach 

Veriti’s research identified at least 30 organizations that were directly impacted by the breach. Among these, prominent health insurers like UnitedHealthcare, Blue Cross Blue Shield, Humana, and CareFirst have been severely affected due to their reliance on Change Healthcare for crucial data processing and claims management.

In addition to insurers, several regional hospitals and healthcare systems have felt the breach’s impact, including Erlanger Health System, Appalachian Regional Healthcare, Pelham Medical Center, and others spread across the U.S. These institutions may not only be dealing with the immediate fallout from disrupted operational and financial processes, but are also facing long-term challenges related to patient trust and data security.

Tech-oriented healthcare entities like PatientPay & Epic Systems have also been impacted, facing potential risks related to intellectual property theft and loss of client confidence. Similarly, organizations with a broader humanitarian reach, such as the American Red Cross, as well as the National Council on Aging (NCOA), which deals with sensitive elderly information, are confronting issues related to the security of donor and volunteer information, which could affect their crucial operations and public perception. The exposure of such critical data places millions of individuals at risk of identity theft and financial fraud.

The geographic spread of the breach’s impact is extensive, affecting entities across multiple states, from large urban centers to smaller regional locales. It illustrates the interconnected nature of modern healthcare infrastructure and the broad scale of disruption that can stem from a single point of failure in cyber security measures.

Enhancing Healthcare Security: Continuous Assessment and Targeted Remediation

The insights from Veriti's research lead us to one conclusion for healthcare: the need to adopt continuous exposure assessment and safe remediation across the sector.

Sec and the Business: A Security Pro’s Guide to Exposure Assessments and Remediation

Understanding the impact of remediation is crucial for mitigating the risks associated with security actions and ensuring that these interventions do not inadvertently compromise business operations. By conducting comprehensive impact analyses before implementing remediation measures, organizations can anticipate potential disruptions and weigh the benefits of security enhancements against operational risks. This involves evaluating the potential for:

  • System Downtime
  • The effect on User Experience
  • False Positives leading to Business Disruption

Such assessments enable security teams to tailor their remediation strategies in a way that maximizes security benefits while minimizing any negative impact on business processes, ensuring that the organization maintains its operational integrity and resilience in the face of necessary security improvements.

References for Research:

San Mateo County Health
Epic Systems Corporation
OpenText StreamServe (a tool, not an organization)
Community Oncology
Pelham Medical Center
Carolinas Medical Center
University Medical Center
American Red
Appalachian Regional
Arkansas Best Corporation (not healthcare)
Community Health Centers
Appalachian Regional Healthcare in
Erlanger Health
Massachusetts Nurses
Blue Cross Blue
Health Partners

Distribution by Known File Types:

File Types Per Category:

  • Document: csv, doc, fmt, html, pdf, ppt, rpt, rtf, txt, xls, xml
  • Executable: bat, cmd, dll, exe, jar
  • Data File: bcp, cfg, dat, dbf, edi, log, mdb, pgp, sql, tmp, zip
  • Image: bmp, emf, gif, img, jpg, png, tif
  • Email: email, msg

File Types Count:

pdf: 204398
log: 111751
txt: 61380
html: 43981
zip: 25655
bcp: 23117
csv: 16552
email: 13333
pgp: 7008
emf: 5981
xls: 5287
edi: 4614
grp: 3104
ppq: 3034
rcv: 2756
png: 2529
ack: 2491
doc: 2127
sql: 1848
msg: 1614
xml: 1488
def: 1192
rtf: 1084
fmt: 927
jpg: 913
rpt: 716
eps: 435 
dll: 432
pkg: 375
trn: 343
lnk: 340
eob: 331
stm: 250
941: 231
pcx: 203
mdb: 193
err: 185
asc: 172
lxf: 167
exe: 153
dat: 150
duc: 143
dbf: 141
tgz: 133
prg: 131
era: 129
000: 112
271: 100
837: 99
out: 99
don: 98
url: 91
dtd: 90
pma: 90
trc: 83
pdb: 78
gif: 78
css: 75
bad: 74
bch: 71
xlk: 70
cmp: 64
fix: 64
sfv: 64
bat: 63
hrr: 61
ini: 58
inq: 55
hrn: 50
prt: 45
ttf: 44
wav: 39
del: 38
tag: 37
cli: 35
cdx: 35
ppt: 35
ghr: 32
bak: 30
ldf: 29
hhr: 28
vsd: 28
msi: 27
bmp: 26
cfg: 24
obj: 24
tmp: 23
cab: 23
chm: 23
cpp: 22
nte: 21
img: 21
tif: 20
cmd: 20
jar: 18

Distribution of File Sizes in Megabytes:

File count by Associated Organization:

San Mateo County Health: 105756
Epic Systems Corporation: 57639
OpenText StreamServe: 49099
Community Oncology Alliance: 45406
Pelham Medical Center: 34893
Health Partners Plans: 31955
University Medical Center: 16183
Carolinas Medical Center: 2606
PatientPay: 8227
American Red Cross: 5416
Appalachian Regional Healthcare: 5127
Arkansas Best Corporation: 3124
Community Health Centers: 2606
Appalachian Regional Healthcare in Montana: 2415
Humana Inc.: 2015
Erlanger Health System: 1947
Anthem Inc.: 1934
Aetna Inc.: 1831
UnitedHealthcare: 1692
Geisinger Health: 1572
Massachusetts Nurses Association: 1511
Blue Cross Blue Shield: 944
Palmetto GBA: 1449
MedicAid: 620
Change Healthcare: 781
CareFirst: 551
NCOA: 573
Whitesburg: 494
Middlesboro: 459
McDowell: 443

Life Support aka Safe Remediation

The final analysis on Change Healthcare reveals a compelling narrative on the critical need for safe and calculated remediation strategies in the healthcare sector. Addressing vulnerabilities with smart remediation plans is essential to ensure that necessary security updates do not lead to unintended consequences such as system downtime, degraded user experience, or operational disruptions due to false positives. This approach helps maintain the operational integrity and trust essential in healthcare, ensuring systems remain robust and secure while minimizing impacts on critical healthcare services and patient care.
