{"id":24742,"date":"2024-06-24T09:10:11","date_gmt":"2024-06-24T17:10:11","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/06\/24\/news-18472\/"},"modified":"2024-06-24T09:10:11","modified_gmt":"2024-06-24T17:10:11","slug":"news-18472","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/06\/24\/news-18472\/","title":{"rendered":"Change Healthcare confirms the customer data stolen in ransomware attack"},"content":{"rendered":"\n<p>For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack.<\/p>\n<p>First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led to widespread billing outages, as well as disruptions at pharmacies across the United States. Patients were left facing enormous pharmacy bills, small medical providers teetered on the edge of insolvency, and the government scrambled to keep the money flowing and the lights on. The <a href=\"https:\/\/www.threatdown.com\/blog\/change-healthcare-outages-reportedly-caused-by-ransomware\/\">ransomware group ALPHV<\/a> claimed responsibility for the attack.<\/p>\n<p>But shortly after, the ALPHV group disappeared in an <a href=\"https:\/\/www.malwarebytes.com\/blog\/ransomware\/2024\/03\/alphv-ransomware-gang-fakes-own-death-fools-no-one\">unconvincing exit scam<\/a> designed to make it look as if the FBI had seized control over the group\u2019s website. Then a new ransomware group, RansomHub, listed the organization as a victim on its dark web leak site, saying it possessed 4 TB of \u201chighly selective data,\u201d relating to \u201call Change Health clients that have sensitive data being processed by the company.\u201d<\/p>\n<p>In April, parent company <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/04\/substantial-proportion-of-americans-may-have-had-health-and-personal-data-stolen-in-change-healthcare-breach\">UnitedHealth Group released an update<\/a>, saying:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cBased on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America.\u201d<\/p>\n<\/blockquote>\n<p>Now, Change Healthcare has <a href=\"https:\/\/www.changehealthcare.com\/hipaa-substitute-notice?udm=14\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">detailed<\/a> the types of medical and patient data that was stolen. Although Change cannot provide exact details for every individual, the exposed information may include:<\/p>\n<ul>\n<li>Contact information: Names, addresses, dates of birth, phone numbers, and email addresses.<\/li>\n<li>Health insurance information: Details about primary, secondary, or other health plans\/policies, insurance companies, member\/group ID numbers, and Medicaid-Medicare-government payor ID numbers.<\/li>\n<li>Health information: Medical record numbers, providers, diagnoses, medicines, test results, images, and details of care and treatment.<\/li>\n<li>Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due.<\/li>\n<li>Other personal information: Social Security numbers, driver\u2019s license or state ID numbers, and passport numbers.<\/li>\n<\/ul>\n<p>Change Healthcare added:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review.\u201d<\/p>\n<\/blockquote>\n<p>Change Healthcare says it will send written letters\u2014as long as it has a person&#8217;s address and they haven&#8217;t opted out of notifications\u2014once it has concluded the data review.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-protecting-yourself-after-a-data-breach\">Protecting yourself after a data breach<\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the <a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul>\n<li><strong>Check the vendor&#8217;s advice.<\/strong> Every breach is different, so check with the vendor to find out what&#8217;s happened, and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong> You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\">strong password<\/a>&nbsp;that you don&#8217;t use for anything else. Better yet, let a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong> If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong> The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the&nbsp;identity of anyone who contacts you&nbsp;using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong> Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Consider not storing your card details<\/strong>. It&#8217;s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.<\/li>\n<li><strong>Set up identity monitoring.<\/strong> <a href=\"https:\/\/go.cyrus.app\/MN4j\/fkkekmw9\" target=\"_blank\" rel=\"noreferrer noopener\">Identity monitoring<\/a> alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-check-your-digital-footprint\"><strong>Check your digital footprint<\/strong><\/h2>\n<p>Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it\u2019s best to give the one you most frequently use) to our&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>&nbsp;and we\u2019ll give you a report and recommendations.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2c_pro_acq_fy25dfplaunch_171269600960&amp;utm_content=V1\"><\/a><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don&#8217;t just report on threats &#8211; we help safeguard your entire digital identit<\/strong>y<\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Protect your\u2014and your family&#8217;s\u2014personal information by using <a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">identity protection<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/06\/change-healthcare-confirms-the-customer-data-stolen-in-ransomware-attack\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Change Healthcare has detailed the types of medical and patient data that was stolen in a recent ransomware attack. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[30957,32,5897,31576],"class_list":["post-24742","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-change-healthcare","tag-news","tag-privacy","tag-unitedhealthgroup"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24742"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24742\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}