/

Change Health Data Breach: What & How It Happened?

Change Health Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In February 2024, Change Healthcare encountered a cybersecurity incident that potentially impacted sensitive information. The breach caused disruptions to operations and services, leading to various challenges for the affected parties. The attack may have involved unauthorized access to certain data, although some specific types of information appear to have remained secure.

How many accounts were compromised?

The breach impacted data related to more than 100 million individuals.

What data was leaked?

The data exposed in the breach included names, addresses, birth dates, diagnostic images, payment information, Social Security numbers, passport numbers, state ID numbers, health insurance information, and Protected Health Information (PHI).

How was Change Health hacked?

The hackers gained access to Change Healthcare's internal network through a server lacking multi-factor authentication, making it susceptible to brute force attacks and compromised credentials. The ransomware used in the attack was ALPHV/Blackcat ransomware. Specific details about back door entry points and their closure remain unclear.

Change Health's solution

In response to the hack, Change Healthcare took several measures to secure its platform and prevent future incidents. Although specific details on additional security measures remain unclear, the company enlisted the help of cybersecurity experts Mandiant and Palo Alto Networks for a forensic investigation and remediation of the cyberattack. The American Medical Association (AMA) conducted surveys to assess the impact of the cyberattack on physician practices and communicated with various stakeholders, including the Department of Health and Human Services (HHS), CMS, and health insurers, to address the issue. The AMA also provided resources and tips for physicians and healthcare staff to protect patient health records and other data from cyberattacks.

How do I know if I was affected?

Change Healthcare has not explicitly mentioned reaching out to affected users. However, if you believe you may have been affected by the breach, you can visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any accounts that may have been affected. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes to the appropriate parties.

For more specific help and instructions related to Change Healthcare's data breach, please contact Change Healthcare support directly.

Where can I go to learn more?

If you want to find more information on the Change Health data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

Change Health Data Breach: What & How It Happened?

Change Health Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In February 2024, Change Healthcare encountered a cybersecurity incident that potentially impacted sensitive information. The breach caused disruptions to operations and services, leading to various challenges for the affected parties. The attack may have involved unauthorized access to certain data, although some specific types of information appear to have remained secure.

How many accounts were compromised?

The breach impacted data related to more than 100 million individuals.

What data was leaked?

The data exposed in the breach included names, addresses, birth dates, diagnostic images, payment information, Social Security numbers, passport numbers, state ID numbers, health insurance information, and Protected Health Information (PHI).

How was Change Health hacked?

The hackers gained access to Change Healthcare's internal network through a server lacking multi-factor authentication, making it susceptible to brute force attacks and compromised credentials. The ransomware used in the attack was ALPHV/Blackcat ransomware. Specific details about back door entry points and their closure remain unclear.

Change Health's solution

In response to the hack, Change Healthcare took several measures to secure its platform and prevent future incidents. Although specific details on additional security measures remain unclear, the company enlisted the help of cybersecurity experts Mandiant and Palo Alto Networks for a forensic investigation and remediation of the cyberattack. The American Medical Association (AMA) conducted surveys to assess the impact of the cyberattack on physician practices and communicated with various stakeholders, including the Department of Health and Human Services (HHS), CMS, and health insurers, to address the issue. The AMA also provided resources and tips for physicians and healthcare staff to protect patient health records and other data from cyberattacks.

How do I know if I was affected?

Change Healthcare has not explicitly mentioned reaching out to affected users. However, if you believe you may have been affected by the breach, you can visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any accounts that may have been affected. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes to the appropriate parties.

For more specific help and instructions related to Change Healthcare's data breach, please contact Change Healthcare support directly.

Where can I go to learn more?

If you want to find more information on the Change Health data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Change Health Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In February 2024, Change Healthcare encountered a cybersecurity incident that potentially impacted sensitive information. The breach caused disruptions to operations and services, leading to various challenges for the affected parties. The attack may have involved unauthorized access to certain data, although some specific types of information appear to have remained secure.

How many accounts were compromised?

The breach impacted data related to more than 100 million individuals.

What data was leaked?

The data exposed in the breach included names, addresses, birth dates, diagnostic images, payment information, Social Security numbers, passport numbers, state ID numbers, health insurance information, and Protected Health Information (PHI).

How was Change Health hacked?

The hackers gained access to Change Healthcare's internal network through a server lacking multi-factor authentication, making it susceptible to brute force attacks and compromised credentials. The ransomware used in the attack was ALPHV/Blackcat ransomware. Specific details about back door entry points and their closure remain unclear.

Change Health's solution

In response to the hack, Change Healthcare took several measures to secure its platform and prevent future incidents. Although specific details on additional security measures remain unclear, the company enlisted the help of cybersecurity experts Mandiant and Palo Alto Networks for a forensic investigation and remediation of the cyberattack. The American Medical Association (AMA) conducted surveys to assess the impact of the cyberattack on physician practices and communicated with various stakeholders, including the Department of Health and Human Services (HHS), CMS, and health insurers, to address the issue. The AMA also provided resources and tips for physicians and healthcare staff to protect patient health records and other data from cyberattacks.

How do I know if I was affected?

Change Healthcare has not explicitly mentioned reaching out to affected users. However, if you believe you may have been affected by the breach, you can visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any accounts that may have been affected. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes to the appropriate parties.

For more specific help and instructions related to Change Healthcare's data breach, please contact Change Healthcare support directly.

Where can I go to learn more?

If you want to find more information on the Change Health data breach, check out the following news articles: