Ransomware Strikes UnitedHealth Group, Exposing Patient Data

On March 4, 2024, UnitedHealth Group was significantly impacted by a ransomware attack executed by the ALPHV gang. This breach targeted Change Healthcare, a subsidiary, resulting in the theft of 6 terabytes of sensitive data, including personal health information. The attack disrupted services for U.S. military clinics and hospitals, raising concerns about patient safety and data security on a national level. The incident underscores the vulnerabilities present in healthcare systems, which are increasingly targeted by sophisticated cybercriminals. As organizations grapple with this growing threat, the need for enhanced cybersecurity measures and robust incident response plans becomes critical. The ALPHV gang continues to evolve its tactics, making it imperative for defenders to stay ahead of emerging threats. Source

Also In Security Today

• Cutout.Pro Data Breach: The AI-powered photo editing service suffered a breach, exposing personal data of around 20 million users, including emails and hashed passwords. The breach was confirmed by a cybercriminal on a hacking forum. Source

• Lurie Children’s Hospital Attack: The Rhysida ransomware gang attacked the Chicago hospital, claiming to have stolen 600 GB of sensitive data and demanding 60 BTC (approximately $3.7 million) in ransom, significantly disrupting patient care. Source

• Vulnerabilities and Patches: CISA issued warnings about critical vulnerabilities affecting key sectors, specifically in products from Ivanti and Microsoft. Organizations are urged to prioritize patching to mitigate risks. Source