In February 2024, UnitedHealth Group’s subsidiary, Change Healthcare, experienced a significant cybersecurity incident attributed to the BlackCat (ALPHV) ransomware group. The breach compromised the sensitive information of approximately 190 million individuals, marking it as one of the largest healthcare data breaches to date.
The attackers used compromised credentials to log in to a Citrix remote access portal that lacked multifactor authentication. Once inside, they moved laterally across the network, exfiltrated data, and deployed ransomware nine days later. The stolen data encompassed health insurance details, medical records, billing information, and, in certain instances, Social Security numbers and financial data.
This incident underscores the importance of robust cybersecurity measures in healthcare infrastructure. Basic controls, such as enabling multifactor authentication on remote access portals, are essential to guard against such breaches and protect sensitive patient information.
Sources:
Reuters
TechCrunch