Morning Briefing
Summaries of health policy coverage from major news organizations
Data Stolen From Change Healthcare Ransomed In Second Attack
Change Healthcare is allegedly being extorted by a second ransomware gang, mere weeks after recovering from an ALPHV attack. RansomHub claimed responsibility for attacking Change Healthcare in the last few hours, saying it had 4 TB of the company's data containing personally identifiable information (PII) belonging to active US military personnel and other patients, medical records, payment information, and more. The miscreants are demanding a ransom payment from the healthcare IT business within 12 days or its data will be sold to the highest bidder. (Jones, 4/8)
"This comes as no surprise. We had previously outlined this scenario in our blog post, foreseeing the potential for such alliances in the cybercriminal ecosystem," Ngoc Bui, a cybersecurity expert at Menlo Security, told SC Media in an email. "The involvement of a middleman, typical in ransomware-as-a-service (RaaS) attacks, adds another level of complexity and risk. It complicates the direct line of negotiation and payment to the threat actors with the data that was stolen." RansomHub began a countdown of just over 12 days for UnitedHealth to make a ransom payment before the dataset is sold. (French, 4/8)
More than 144 million Americans' medical information was stolen or exposed last year in a record-breaking number of health care data breaches, a USA TODAY analysis of Health and Human Services data found. (Garzella, 4/9)
Health care data breaches soared to record-breaking levels in 2023, fueled by a surge in ransomware attacks and increased targeting of the third-party vendors hospitals and other health care providers use. Exposure of protected health information and personally identifiable information can put patients at risk of identity theft or insurance fraud. "Be careful not to share sensitive information over e-mail, text messages or other communication paths that might not be so secure," said Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center. (Garzella, 4/9)
Senators Josh Hawley (R-Missouri) and Richard Blumenthal (D-Connecticut) announced Friday that they wrote to UnitedHealth Group Chief Executive Officer Andrew Witty asking a series of questions relating to what they called UHG's lack of "sufficient redundancy to prevent an outage," a timeline of events relating to the February 21 ransomware attack, and how UHG is filling the revenue gap providers are experiencing. The senators requested responses by April 15. (Fox, 4/8)
In related news:
KFF Health News: After Public Push, CMS Curbs Health Insurance Agents' Access To Consumer SSNs
Until last week, the system that is used to enroll people in federal Affordable Care Act insurance plans inadvertently allowed access by insurance brokers to consumers' full Social Security numbers, information brokers don't need. That raised concerns about the potential for misuse. (Appleby, 4/9)