Federal data breach may be the biggest hack in US history
7 hours ago
- #healthcare
- #cybersecurity
- #data-breach
- The cyberattack on Change Healthcare, detected in February 2024, is the largest exposure of personal health data in U.S. history, affecting approximately 190 million people.
- Attackers gained access through a Citrix portal lacking multifactor authentication, leading to data exfiltration and ransomware deployment within nine days.
- UnitedHealth Group paid a $22 million ransom to regain system control, drawing criticism for potentially incentivizing future attacks.
- The breach's scope expanded from 100 million to 190 million affected individuals, surpassing previous records like the 2015 OPM hack (21 million affected).
- Unlike prior cyber incidents (e.g., SolarWinds), this attack targeted a commercial healthcare chokepoint, disrupting prescriptions, payments, and care nationwide.
- Stolen data includes health records, insurance details, and payment information, posing long-term risks of financial fraud and medical identity theft.
- Regulators and lawmakers are scrutinizing the incident as a case study for cybersecurity in critical health infrastructure, with calls for stricter authentication and notification rules.
- The breach highlights systemic vulnerabilities in centralized healthcare processing, prompting reevaluation of vendor dependence and backup solutions.
- Patients face enduring risks, as stolen health data cannot be easily remediated like credit card information, complicating future care and privacy.