Change Healthcare starts sending data breach notifications after cyberattack
Change Healthcare notifies customers of a data breach exposing medical, payment, and personal data. The cyberattack in February disrupted healthcare operations. UnitedHealth faces criticism for delayed breach notifications.
Read original article
Change Healthcare has initiated the process of notifying customers about a data breach following a cyberattack earlier this year. The breach potentially exposed sensitive information such as medical data, payment details, and Social Security numbers of a significant number of Americans. The UnitedHealth subsidiary has begun informing customers about the breach and plans to send letters to affected individuals in late July. The compromised data includes contact information, health insurance details, medical diagnoses, billing information, and personal identifiers. The cyberattack, which occurred in February, disrupted essential healthcare operations for weeks, affecting services like provider payments and prescription fulfillment. While the exact number of individuals impacted has not been disclosed, UnitedHealth's CEO estimated that up to one-third of Americans' data may have been compromised. Change Healthcare has faced criticism for delays in sending breach notifications, prompting federal regulators to intervene. The company is currently in the final stages of reviewing the personal information involved in the breach.
Related
Former IT employee accessed data of over 1M US patients
A former IT employee accessed data of over 1 million US patients in a breach at Nuance, a contractor for Geisinger. Patient info was compromised, excluding financial data. The employee was arrested. Geisinger advised affected individuals to monitor their accounts. A law firm is investigating a potential lawsuit. Geisinger emphasized vigilance.
AT&T says hacker stole some data from 'nearly all' wireless customers
AT&T reports a data breach involving call and text records of wireless customers. Stolen data excludes personal details. Additional cybersecurity measures are in place. Collaboration with law enforcement and agencies ongoing.
AT&T says hacker stole data on 'nearly all' of its wireless customers
AT&T suffered a security breach where a hacker accessed call and text data of wireless customers. The breach occurred between May and October 2022. Personal info was not compromised. Snowflake denied involvement.
AT&T says hackers stole records of nearly all cellular customers calls and texts
Hackers accessed AT&T's system, obtaining call and text records from May to Oct. 2022 and Jan. 2023. The breach did not expose content or personal data but included sensitive phone numbers. AT&T is collaborating with law enforcement to investigate and enhance security measures. Senator Wyden highlighted the need for accountability in data breaches.
Hackers Steal Phone, SMS Records for Nearly All AT&T Customers
Hackers accessed AT&T's systems, compromising phone call and text records for 110 million customers. The breach revealed tower locations but not personal data. AT&T delayed disclosure due to security concerns.
6 commentsI got carded for a chest x-ray two days ago. There’s no universe in which this makes sense. The nail salon asks for your phone number even if you’re a walk-in.
Americans are so used to this that they even have a hand gesture for “papers please”.
For centuries we could transact without ID; why now?
Related:
Change Healthcare hackers used stolen credentials and no MFA, says UHG CEO
https://news.ycombinator.com/item?id=40209894
Single Citrix Compromised Credential Results in $22M Ransom
- Nation-states?
- Criminals?
- 3rd party actors on behalf of nation states?
It seems like there are different levels of security at play.
It seems everyone and their grandmother has had their information in some way exposed to the internet. The time of pseudo-anonymity is over.
This is just an insanely vague and worthless notice. And it is infuriating that healthcare customers are made vulnerable by the vendors used by insurers like Cigna or whoever.
Change is so disingenuous that they admit the following was stolen:
> Health information (such as medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment)
But claim with a straight face that no “full medical histories” were compromised. What sort of two faced word game are they playing? Those ARE full medical histories.
I also saw recently that Fred Hutch was also compromised: https://www.fredhutch.org/en/about/about-the-hutch/accountab...
And of course due to vague partnerships between other hospitals and them, like the University of Washington hospitals, people who were never their customers also were affected.
This has to stop and it has to happen through regulation, fines, jail time, all retroactively applied. All these companies underfund security because posting a notice and offering credit monitoring is all it takes to move on.
Related
Former IT employee accessed data of over 1M US patients
A former IT employee accessed data of over 1 million US patients in a breach at Nuance, a contractor for Geisinger. Patient info was compromised, excluding financial data. The employee was arrested. Geisinger advised affected individuals to monitor their accounts. A law firm is investigating a potential lawsuit. Geisinger emphasized vigilance.
AT&T says hacker stole some data from 'nearly all' wireless customers
AT&T reports a data breach involving call and text records of wireless customers. Stolen data excludes personal details. Additional cybersecurity measures are in place. Collaboration with law enforcement and agencies ongoing.
AT&T says hacker stole data on 'nearly all' of its wireless customers
AT&T suffered a security breach where a hacker accessed call and text data of wireless customers. The breach occurred between May and October 2022. Personal info was not compromised. Snowflake denied involvement.
AT&T says hackers stole records of nearly all cellular customers calls and texts
Hackers accessed AT&T's system, obtaining call and text records from May to Oct. 2022 and Jan. 2023. The breach did not expose content or personal data but included sensitive phone numbers. AT&T is collaborating with law enforcement to investigate and enhance security measures. Senator Wyden highlighted the need for accountability in data breaches.
Hackers Steal Phone, SMS Records for Nearly All AT&T Customers
Hackers accessed AT&T's systems, compromising phone call and text records for 110 million customers. The breach revealed tower locations but not personal data. AT&T delayed disclosure due to security concerns.