Hospitals Hacked: Urgent Care Needed

May 23, 2024

In recent research by Veriti, a significant cyber security breach at Change Healthcare highlighted severe vulnerabilities in healthcare data security, affecting over 1.35 million files. This breach involved multiple healthcare and insurance providers, exposing sensitive data like medical records and personal identifiers, leading to far-reaching implications. The study aims to underscore the critical need for proactive and safe remediation across interconnected healthcare networks.

Example for sensitive data that was stolen:

Searching for the exposed vein: how the attackers started

In the recent attack on Change Healthcare, part of UnitedHealth Group, the ransomware group BlackCat, also known as AlphV, exploited crucial data exchange processes between healthcare providers and insurers. This breach led to the exposure of a vast array of sensitive information including medical records, financial details, and personal identifiers like Social Security numbers. The implications of such a breach are profound, affecting countless individuals and organizations connected within the healthcare ecosystem. 

Spreading like cancer: the impact of the breach 

Veriti’s research identified at least 30 organizations that were directly impacted by the breach. Among these, prominent health insurers like UnitedHealthcare, Blue Cross Blue Shield, Humana, and CareFirst have been severely affected due to their reliance on Change Healthcare for crucial data processing and claims management.

In addition to insurers, several regional hospitals and healthcare systems have felt the breach’s impact, including Erlanger Health System, Appalachian Regional Healthcare, Pelham Medical Center, and others spread across the U.S. These institutions may not only be dealing with the immediate fallout from disrupted operational and financial processes, but are also facing long-term challenges related to patient trust and data security.

Tech-oriented healthcare entities like PatientPay & Epic Systems have also been impacted, facing potential risks related to intellectual property theft and loss of client confidence. Similarly, organizations with a broader humanitarian reach, such as the American Red Cross, as well as the National Council on Aging (NCOA), which deals with sensitive elderly information, are confronting issues related to the security of donor and volunteer information, which could affect their crucial operations and public perception. The exposure of such critical data places millions of individuals at risk of identity theft and financial fraud.

The geographic spread of the breach’s impact is extensive, affecting entities across multiple states, from large urban centers to smaller regional locales. It reflects the interconnected nature of modern healthcare infrastructure, where disruption on a broad scale can stem from a single point of failure in cyber security measures.

Enhancing Healthcare Security: Continuous Assessment and Targeted Remediation

The insights from Veriti's research lead us to one conclusion for healthcare: the need to adopt continuous exposure assessment and safe remediation across the sector.

Understanding the impact of remediation is crucial for mitigating the risks associated with security actions and ensuring that these interventions do not inadvertently compromise business operations. By conducting comprehensive impact analyses before implementing remediation measures, organizations can anticipate potential disruptions and weigh the benefits of security enhancements against operational risks. This involves evaluating the potential for:

  • System Downtime
  • The effect on User Experience
  • False Positives leading to Business Disruption

Such assessments enable security teams to tailor their remediation strategies in a way that maximizes security benefits while minimizing any negative impact on business processes, ensuring that the organization maintains its operational integrity and resilience in the face of necessary security improvements.

References for Research:

Organization, Website
San Mateo County Health, www.smchealth.org
Epic Systems Corporation, www.epic.com
OpenText StreamServe (a tool, not an organization), https://www.opentext.com/solutions/experience-platform-for-healthcare-providers
Community Oncology Alliance, www.communityoncology.org
Pelham Medical Center, www.spartanburgregional.com/locations/pelham-medical-center
Carolinas Medical Center, www.atrhealth.org
University Medical Center, www.umc.edu
PatientPay, www.patientpay.net
American Red Cross, www.redcross.org
Appalachian Regional Healthcare, www.arh.org
Arkansas Best Corporation (not healthcare), www.abf.com
Community Health Centers, www.chc1.com
Appalachian Regional Healthcare in Montana, www.arh.org
Humana Inc., www.humana.com
Erlanger Health System, www.erlanger.org
Anthem Inc., www.anthem.com
Aetna Inc., www.aetna.com
UnitedHealthcare, www.uhc.com
Geisinger Health, www.geisinger.org
Massachusetts Nurses Association, www.massnurses.org
Blue Cross Blue Shield, www.bcbs.com
Palmetto GBA, www.palmettogba.com
MedicAid, www.medicaid.gov
Change Healthcare, www.changehealthcare.com
CareFirst, www.carefirst.com
NCOA, www.ncoa.org
Whitesburg, www.arh.org/locations/whitesburg
Middlesboro, www.arh.org/locations/middlesboro
McDowell, www.arh.org/locations/mcdowell
Health Partners Plans, www.healthpartnersplans.com

Distribution by Known File Types:

File Types Per Category:

  • Document: csv, doc, fmt, html, pdf, ppt, rpt, rtf, txt, xls, xml
  • Executable: bat, cmd, dll, exe, jar
  • Data File: bcp, cfg, dat, dbf, edi, log, mdb, pgp, sql, tmp, zip
  • Image: bmp, emf, gif, img, jpg, png, tif
  • Email: email, msg

File Types Count:

pdf: 204398
log: 111751
txt: 61380
html: 43981
zip: 25655
bcp: 23117
csv: 16552
email: 13333
pgp: 7008
emf: 5981
xls: 5287
edi: 4614
grp: 3104
ppq: 3034
rcv: 2756
png: 2529
ack: 2491
doc: 2127
sql: 1848
msg: 1614
xml: 1488
def: 1192
rtf: 1084
fmt: 927
jpg: 913
rpt: 716
eps: 435 
dll: 432
pkg: 375
trn: 343
lnk: 340
eob: 331
stm: 250
941: 231
pcx: 203
mdb: 193
err: 185
asc: 172
lxf: 167
exe: 153
dat: 150
duc: 143
dbf: 141t
gz: 133
prg: 131
era: 129
000: 112
271: 100
837: 99
out: 99
don: 98
url: 91
dtd: 90
pma: 90
trc: 83
pdb: 78
gif: 78
css: 75
bad: 74
bch: 71
xlk: 70
cmp: 64
fix: 64
sfv: 64
bat: 63
hrr: 61
ini: 58
inq: 55
hrn: 50
prt: 45
ttf: 44
wav: 39
del: 38
tag: 37
cli: 35
cdx: 35
ppt: 35
ghr: 32
bak: 30
ldf: 29
hhr: 28
vsd: 28
msi: 27
bmp: 26
cfg: 24
obj: 24
tmp: 23
cab: 23
chm: 23
cpp: 22
nte: 21
img: 21
tif: 20
cmd: 20
jar: 18
 

Distribution of File Sizes in Megabytes:

File count by Associated Organization:

San Mateo County Health: 105756
Epic Systems Corporation: 57639
OpenText StreamServe: 49099
Community Oncology Alliance: 45406
Pelham Medical Center: 34893
Health Partners Plans: 31955
University Medical Center: 16183
Carolinas Medical Center: 2606
PatientPay: 8227
American Red Cross: 5416
Appalachian Regional Healthcare: 5127
Arkansas Best Corporation: 3124
Community Health Centers: 2606
Appalachian Regional Healthcare in Montana: 2415
Humana Inc.: 2015
Erlanger Health System: 1947
Anthem Inc.: 1934
Aetna Inc.: 1831
UnitedHealthcare: 1692
Geisinger Health: 1572
Massachusetts Nurses Association: 1511
Blue Cross Blue Shield: 944
Palmetto GBA: 1449
MedicAid: 620
Change Healthcare: 781
CareFirst: 551
NCOA: 573
Whitesburg: 494
Middlesboro: 459
McDowell: 443

Life Support aka Safe Remediation

The final analysis on Change Healthcare reveals a compelling narrative on the critical need for safe and calculated remediation strategies in the healthcare sector. Addressing vulnerabilities with smart remediation plans is essential to ensure that necessary security updates do not lead to unintended consequences such as system downtime, degraded user experience, or operational disruptions due to false positives. This approach helps maintain the operational integrity and trust essential in healthcare, ensuring systems remain robust and secure while minimizing impacts on critical healthcare services and patient care.
