The ransomware attack on UnitedHealth's subsidiary, Change Healthcare, has spotlighted the growing attractiveness of the data-rich U.S. healthcare industry to cybercriminals. This incident, which left thousands of doctors, hospitals, and health providers unpaid due to billing system disruptions, has prompted the U.S. Department of Health and Human Services (HHS) to launch an investigation into UnitedHealth.
Immediate Financial and Operational Impact of the Attack
Change Healthcare, the largest clearinghouse for insurance billing and payments in the U.S., has been grappling with the aftermath of the February 21 attack. Providers relying on Change Healthcare for billing reimbursements have faced financial strains, while consumers have experienced delays in receiving prescriptions and approvals for medical procedures. UnitedHealth has assured its cooperation with the HHS investigation, emphasising its focus on restoring systems, protecting data, and supporting those affected. The company also stated its collaboration with law enforcement to determine the extent of the data breach.
The Value of Medical Data to Cybercriminals
The incident highlights not only the immediate challenges faced by health providers and consumers but also the broader vulnerability of the entire U.S. healthcare sector to cyber threats. Sumedh Thakar, CEO of cybersecurity company Qualys, emphasised that the digital transformation of the healthcare system, while advancing patient care, has also amplified the need for better protection against evolving cyber threats. Hackers target healthcare organisations because they are more likely to pay ransom due to the high value of medical data. Cybersecurity researcher Jeremiah Fowler noted that on the dark web, medical records fetch a higher price of $60 compared to $15 for a Social Security number and $3 for a credit card. Thakar added that the exposure of healthcare data poses greater risks than other types of data, making it a prime target for cybercriminals.
Evolving Cybercriminal Tactics
Complicating the cybersecurity landscape further is the evolving nature of cybercriminal operations. Groups like Blackcat, claiming responsibility for the Change Healthcare hack, operate on an affiliate model similar to legitimate businesses. These "ransomware-as-a-service" groups, as described by Nicole Eagan, chief strategy and AI officer at Darktrace, involve core developers who sell or rent their ransomware tools to affiliate operators to exploit companies. Affiliates often receive a percentage of the ransom paid by victims. The rise of this 'as-a-service' model has lowered the entry barrier for cybercriminals, enabling them to target vulnerable sectors like health care without developing their ransomware. Eagan highlighted that this growth has led to diversification in extortion methods. Hackers are now employing double or even triple extortion strategies, not only encrypting data but also threatening to leak or sell stolen information unless their ransom demands are met.
Importance of Cybersecurity Investment
Amidst these challenges, the cybersecurity landscape remains a continuous battle between companies enhancing their defences and cybercriminals devising new attack methods. Thakar emphasised the importance for security leaders to evaluate the effectiveness of their cybersecurity investments in reducing risks across sectors. Fowler advocated for a shift in mindset among healthcare executives, emphasising the importance of investing in robust cybersecurity measures to protect valuable data. While the primary focus of healthcare providers is on delivering quality care, safeguarding data is equally crucial in today's digital age.
The ransomware attack on Change Healthcare serves as a stark reminder of the vulnerabilities within the U.S. healthcare sector and the urgent need for enhanced cybersecurity measures to protect patient data and ensure uninterrupted care delivery.
Source: CNBC
Image Credit: iStock
