Tag: Change Healthcare

  • Ascension Healthcare Data Breach Exposes Information of Over 430,000 Patients

    Ascension, one of the largest private healthcare systems in the United States, has confirmed that a recent data breach has compromised the personal and healthcare information of over 430,000 patients. The breach was disclosed in notification letters sent to affected individuals in April, revealing that the data was stolen during a cyber incident affecting a former business partner of the organization earlier in December.

    The breach allowed attackers to access sensitive personal health information, including details about inpatient visits, such as physician names, admission and discharge dates, diagnosis, billing codes, and medical record numbers. Additionally, personal details such as names, addresses, phone numbers, email addresses, dates of birth, race, gender, and Social Security numbers (SSNs) were also exposed.

    Ascension stated in a public communication, “On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner.” Source

    The incident has particularly impacted individuals in Texas and Massachusetts, where the totals are reported as 114,692 and 96 respectively. Although Ascension initially withheld the exact number of affected individuals, an April 28 filing with the U.S. Department of Health & Human Services (HHS) later revealed that 437,329 individuals were impacted by the breach.

    To assist those affected, Ascension is offering two years of complimentary identity monitoring services, which include credit monitoring, fraud consultation, and identity theft restoration services. Despite this, details surrounding the breach affecting the former business partner remain sparse, though experts suggest that it may be linked to a series of ransomware attacks exploiting a critical flaw in Cleo secure file transfer software. Source

    Only last year, Ascension notified nearly 5.6 million patients and employees of a major ransomware attack attributed to the Black Basta group, which resulted from an employee inadvertently downloading a malicious file. This incident significantly disrupted Ascension’s operations, forcing staff to revert to manual record-keeping and halt non-emergency medical services. Source

    With a workforce exceeding 142,000, Ascension operates 142 hospitals and 40 senior care facilities across North America and reported revenues of $28.3 billion in 2023. As the healthcare industry grapples with increasing cyber threats, Ascension’s incident underscores the need for stringent data security measures.

  • Data Breach at Blue Shield of California Sparks Concern Among Security Leaders

    In a recent revelation, Blue Shield of California has experienced a significant data breach, raising alarms among security experts across the nation. The breach reportedly involved unauthorized access to sensitive data affecting countless members. Security leaders have shared their insights on the implications of this incident, emphasizing the growing challenges in safeguarding consumer information in the digital age.

    The incident not only underscores the vulnerabilities that many organizations face but also highlights the urgent need for robust cybersecurity measures. According to reports, the breach exposed the personal information of members, leading many to question the effectiveness of existing security practices at healthcare organizations. Experts suggest that such breaches are becoming increasingly common and call for better preventative strategies.

    Security professionals have pointed to the breach as a critical reminder of the importance of comprehensive security protocols. Recommendations from industry leaders include implementing stricter access controls, conducting regular security assessments, and fostering a culture of security awareness among employees. The need for organizations to remain vigilant is paramount, as cybercriminals continue to refine their tactics.

    As responses are initiated and investigations commence, Blue Shield of California faces a growing public outcry. Stakeholders are urging the organization to take more decisive action to protect its members’ data, ensuring that such incidents do not recur.

  • New ResolverRAT Malware Targets Global Healthcare and Pharmaceutical Sectors

    A new remote access trojan (RAT) named ResolverRAT has emerged as a potent threat targeting healthcare and pharmaceutical organizations worldwide. Recent reports indicate that the malware has been distributed primarily through phishing emails that disguise themselves as legal or copyright violations, customized to appeal to the language preferences of the targeted regions.

    The phishing campaigns aim to lure victims into downloading a legitimate executable file named ‘hpreader.exe’. Once installed, this file is leveraged to inject the malware directly into the system’s memory using reflective DLL loading techniques. This new threat was disclosed by Morphisec, which indicated that the same phishing framework had previously been noted in research from Check Point and Cisco Talos, though those analyses failed to pinpoint the distinct payload of ResolverRAT, which deviates from previously identified threats like Rhadamanthys and Lumma stealers.

    ResolverRAT operates with a high degree of stealth, entirely within memory, and takes advantage of the .NET ‘ResourceResolve’ events to load malicious assemblies. This approach allows it to circumvent traditional security measures that largely monitor API calls and file system interactions. Morphisec has described this tactic as a sophisticated evolution of malware, utilizing overlooked .NET mechanisms for concealed operations. The malware’s impressive evasion capabilities extend to its ability to conduct intricate control flow obfuscation, making static analysis extraordinarily challenging.

    In terms of persistence, ResolverRAT utilizes XOR-obfuscated keys and embeds itself within the Windows Registry across up to 20 locations. The malware is designed to schedule callbacks at random intervals, blending its network traffic patterns with regular traffic to escape detection. Additionally, it has data exfiltration capabilities, enabled through a chunking mechanism that splits large files into smaller 16 KB segments. This strategy assists in bypassing detection as it mimics normal data transfer behavior. Morphisec detected phishing attempts in numerous languages, including Italian, Czech, Hindi, Turkish, Portuguese, and Indonesian, indicating a global scope and the potential for further expansion of its operations [Morphisec].

  • Change Healthcare Ransomware Attack Marks Historic Data Breach in the U.S.

    In February 2024, Change Healthcare fell victim to a significant ransomware attack, now recognized as the largest data breach of its kind in American history. This breach had a catastrophic impact, affecting thousands of healthcare providers who rely on Change Healthcare for vital data exchange and financial transactions. Outages endured for months, forcing healthcare providers to cancel appointments and turn away patients until systems could be recovered.

    The attack led UnitedHealth Group, the parent company of Change Healthcare, to pay a ransom of $22 million to prevent the leakage of sensitive patient data. This incident has brought to light the vulnerabilities that exist within the healthcare sector, primarily caused by reliance on third-party vendors.

    Healthcare organizations often depend on third-party vendors for essential services, which increases their exposure to potential data breaches. The Change Healthcare attack underscores the critical importance of comprehensive cybersecurity protocols. Organizations must closely evaluate their vendor partnerships to ensure that sensitive patient data remains protected and operations can continue seamlessly.

    Moreover, the incident highlights the need for robust security audits to ascertain the effectiveness of existing cybersecurity measures. These audits should identify vulnerabilities and confirm that third-party vendors meet necessary regulatory standards. As cybersecurity threats grow in both frequency and sophistication, healthcare organizations must also prioritize business continuity plans. Resilience in the face of disruptive events is becoming increasingly essential in maintaining service delivery and protecting patient care.

    Ultimately, the Change Healthcare breach serves as a sobering reminder that no organization is completely immune to cyber threats. Collaboration among industry peers is vital to sharing best practices and navigating the evolving landscape of cybersecurity risks.