United Health Care paid $22 Million to a Ransomware Gang

[VintageBetter]

https://www.cnn.com/2024/05/01/politics/data-stolen-healthcare-hack/index.html

Up to 1/3 of patients' data may have been breached in the attack. CEO says it's going to take a few months to figure that out.

About the criminal gang, BlackCat: BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security

BlackCat (cyber gang) - Wikipedia

Gee, I wonder if the cost of this ransom will be passed onto patients? Oh I can't imagine that would happen, can you? Ain't the Internet just wonderful? Sunshine and roses in all corners of the place.

 

[WhatInThe]

It's not paying a ransom to a hostage taker. It's called enabling criminal behavior.

 

[OneEyedDiva]

It's not paying a ransom to a hostage taker. It's called enabling criminal behavior.

What were they supposed to do in a circumstance such as this? The article states:
"The February ransomware attack paralyzed computers that Change Healthcare, the UnitedHealth subsidiary, uses to process medical claims across the country. Health providers were cut off from billions of dollars in payments, according to one hospital association, and some health clinics told CNN they were close to running out of money. The Department of Health and Human Services is investigating whether UnitedHealth complied with federal law in protecting patient data."

I don't know if would have been possible to hire a techie-hacker to free United Health Care's critical information that was held hostage.

 

[birdy]

That 22M could have really helped with their patient security.

 

[WhatInThe]

What were they supposed to do in a circumstance such as this? The article states:
"The February ransomware attack paralyzed computers that Change Healthcare, the UnitedHealth subsidiary, uses to process medical claims across the country. Health providers were cut off from billions of dollars in payments, according to one hospital association, and some health clinics told CNN they were close to running out of money. The Department of Health and Human Services is investigating whether UnitedHealth complied with federal law in protecting patient data."

I don't know if would have been possible to hire a techie-hacker to free United Health Care's critical information that was held hostage.

One of the basic tenants or rules of storing stuff on computers or in the tech world/servers since the turn of century is back up your files. All files in the business world especially should automatically backed up in some fashion. Alot of data entry comes paper. There should be offices of paper files somewhere even if the patient's doctors. There also should be discs, cds and non networked storage equipment.

Many could see this coming a miles away when E medical files became a thing decades ago.

 

[Myra]

What were they supposed to do in a circumstance such as this? The article states:
"The February ransomware attack paralyzed computers that Change Healthcare, the UnitedHealth subsidiary, uses to process medical claims across the country. Health providers were cut off from billions of dollars in payments, according to one hospital association, and some health clinics told CNN they were close to running out of money. The Department of Health and Human Services is investigating whether UnitedHealth complied with federal law in protecting patient data."

I don't know if would have been possible to hire a techie-hacker to free United Health Care's critical information that was held hostage.

That and the fact that I think everyone forgets about the fact that none of us could get our prescriptions filled until they got their computers fixed.

 

[VintageBetter]

Well, we can criticize these companies all we want, but just remember, even today I don't think one single public high school REQUIRES a 9th or 10th grader take an Online Security Course before graduation.

Driver's Education of some kind, if only from parents, is still required to get to drive, but any damn fool can use the Internet.

I know Congress has tried to catch up in recent years. They really have. And the younger members, like AOC, even play computer games. So there is some new blood in the place. But sometimes I still wonder if too many of them are 20 years behind when writing legislation. Why can't all middle school or high school kids be required to take a well-designed Cyber Threats and Security Course?

 

[TennVet]

https://www.cnn.com/2024/05/01/politics/data-stolen-healthcare-hack/index.html

Up to 1/3 of patients' data may have been breached in the attack. CEO says it's going to take a few months to figure that out.

About the criminal gang, BlackCat: BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security

BlackCat (cyber gang) - Wikipedia

Gee, I wonder if the cost of this ransom will be passed onto patients? Oh I can't imagine that would happen, can you? Ain't the Internet just wonderful? Sunshine and roses in all corners of the place.

Hackers are some of the most savvy tech nerds out there. It's a fact that governments have been known to pay some of them big bucks to use their skills. Some of them care very little about the money, for them it's about hacking a system that is supposed to be bullet proof. If United Healthcare paid out those dollars they should be allowed to deduct it as a business expense. Let that CEO explain that to his shareholders while he has his hand out for a bonus and more stock options.

 

[hawkdon]

Two area hospitals have been hacked in last couple
weeks and two county courts and one municpal govt
has also been hacked,,,,,all within last 30 days...

 

[OneEyedDiva]

One of the basic tenants or rules of storing stuff on computers or in the tech world/servers since the turn of century is back up your files. All files in the business world especially should automatically backed up in some fashion. Alot of data entry comes paper. There should be offices of paper files somewhere even if the patient's doctors. There also should be discs, cds and non networked storage equipment.

Many could see this coming a miles away when E medical files became a thing decades ago.

You are absolutely right What. But sometimes what should be done and what is done are two different things. I think too many organizations have gotten so used to doing things by computer, they forget or neglect or are slow to properly back up files. I've wondered sometimes if I need emergency medical care but my files are unavailable, what happens then? You would think with all the news about the increase in cyber attacks, including ransomware incidents, organizations would make better security and backing up files a priority.

@Myra made a good point as well about not being able to get our prescriptions.

 

[davey]

but just musing wasn't that safer for people that bursting into a bank full of customers and holding up and emptying the bank of notes??

 

[Flarbalard]

Having had to deal with United Health Care, I wouldn't be surprised if it was discovered they were the parent company (employers) of the hackers.

 

[Colleen]

When I worked in medical billing, the worst insurance company to work with was United Healthcare. They kept denying claims for the stupidest reasons because they tried to make the filing time expire so they wouldn't have to pay. They are terrible and they're expensive.

 

[TennVet]

You are absolutely right What. But sometimes what should be done and what is done are two different things. I think too many organizations have gotten so used to doing things by computer, they forget or neglect or are slow to properly back up files. I've wondered sometimes if I need emergency medical care but my files are unavailable, what happens then? You would think with all the news about the increase in cyber attacks, including ransomware incidents, organizations would make better security and backing up files a priority.

@Myra made a good point as well about not being able to get our prescriptions.

I try to be cautious about our online activity, but I just can't live in a bunker the rest of my life. I listen to the guidance of people with more techno skills than me. I feel like it is wise to live below the radar as much as possible.

 

[StarSong]

What were they supposed to do in a circumstance such as this? The article states:
"The February ransomware attack paralyzed computers that Change Healthcare, the UnitedHealth subsidiary, uses to process medical claims across the country. Health providers were cut off from billions of dollars in payments, according to one hospital association, and some health clinics told CNN they were close to running out of money. The Department of Health and Human Services is investigating whether UnitedHealth complied with federal law in protecting patient data."

I don't know if would have been possible to hire a techie-hacker to free United Health Care's critical information that was held hostage.

No doubt they tried that before paying the ransom.

 

[OneEyedDiva]

No doubt they tried that before paying the ransom.

And that makes sense Star.

 

[OneEyedDiva]

I try to be cautious about our online activity, but I just can't live in a bunker the rest of my life. I listen to the guidance of people with more techno skills than me. I feel like it is wise to live below the radar as much as possible.

I certainly understand that TennVet. I'm amazed when I see stories about people who are living completely off the grid. I have a friend who's online presence is practically non existent because she worries about scams and hacking. But I told her that even when one doesn't personally do things online, institutions she deals with do, so her information is still subject to be compromised if any of those businesses are compromised. This could include doctors' offices and banks. It's a sad fact of life that this is almost the new norm in our tech based society.

 

[OneEyedDiva]

When I worked in medical billing, the worst insurance company to work with was United Healthcare. They kept denying claims for the stupidest reasons because they tried to make the filing time expire so they wouldn't have to pay. They are terrible and they're expensive.

Well, yet another glowing review of UHC! I'm being faceteous of course. What makes it so bad is that UHC is the insurance AARP pushes.

 

[VaughanJB]

It's not paying a ransom to a hostage taker. It's called enabling criminal behavior.

Except think about it. The choice is stark. You pay a ransom, or you lose all the medical records of the patients. Every financial transaction. Every email. Every note. Every bit of staff data. In effect, you close down and lose all historical information.

The problem here isn't paying ransomware. It's in the IT policies that have allowed the system to be hijacked. Once you're hijacked, you're done.

 

[Colleen]

Well, yet another glowing review of UHC! I'm being faceteous of course. What makes it so bad is that UHC is the insurance AARP pushes.

That's why I've never joined AARP.