Change Healthcare Confirms Ransomware Hackers Stole Medical Records on a 'Substantial Proportion' of Americans

Change Healthcare has confirmed a February ransomware attack on its systems, which brought widespread disruption to the U.S. healthcare system for weeks and resulted in the theft of medical records affecting a "substantial proportion of people in America." TechCrunch: In a statement Thursday, Change Healthcare said it has begun the process of notifying affected individuals whose information was stolen during the cyberattack. The health tech giant, owned by U.S. insurance conglomerate UnitedHealth Group, processes patient insurance and billing for thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector. As such, the company has access to massive amounts of health information on about a third of all Americans.

Mismatch

[The Cat]

You see, the outcome doesn't seem match the obsessive inquisition-like zeal with which you goddamn cowards disqualify people in job interviews. By your manner, one could only assume you hired the top tenth of a percent of the talent available after putting them through ten interviews.

Except then we hear story after story after STORY where your so-called rock stars and gurus shit the bed to the point where the entire building has to be bulldozed to rid the neighborhood of the smell.

With the inevitable appeal to Congress (of course) so all the underemployed can bail your incompetent asses out with their half-salary paychecks.

Just out of curiosity, did your company have the same hiring practices as Disney? How many qualified cybersecurity people did you overlook while you were cutting costs? Which senior executive is going to take responsibility? I'm going to guess the answers to those questions are "all of them" and "none" respectively.

So on behalf of the people whose lives you ruined because you denied them the job they earned, fuck you.

Re:

[Anonymous Coward]

If I had points to award you today, I would.

Bear in mind that all insurance companies are scams to fund the trading and money laundering efforts of their C-level staff. They don't actually give a shit about the security of their marks'^h^h^h^h^h^Hcustomers' information.

Government-mandated insurance is the most damaging organized crime committed against any society.

Re:

[NotEmmanuelGoldstein]

Government-mandated insurance ...

Most countries have mandatory insurance: For car-ownership, for healthcare, and some for ambulance services. While capping annual profits and dividends help make insurance corporations honest, the real difference is competition: That's easy for cars, it's very difficult for healthcare. You don't know what health plan you need until you're sick, the number of details in a health plan makes it time-consuming to analyze and rank, the corporations copy each other resulting in little meaningful difference be

Penalty

[dotslashdot]

Every C level should be fired and have to pay back their entire salary earned from the company and be banned from ever working as a C level again at any company. The company should be sued into oblivion and dissolved. Anything less would make no changes anywhere. This is a breach of fiduciary duty, particularly with HIPPA, as well as a national security threat. Perhaps the US should send in troops and invade corporate headquarters.

Punishment

[jmccue]

What punishment will this company get:

1. CEO will end up before Congress. Then off for a round of golf with congress people for lobbying.

2. Company will be fined 2 US cents, that is based upon what a Traffic Fine for a Regular person would be, prorated towards their wealth.

3. Company will announce better security

4. Company *may* provide security monitoring for customers, but in reality it will be provided for free by the monitoring company. The monitoring Company will do nothing for you but ask you to provide PI to sign up, then flood you with adverts.

5. Maybe a few Lawyers will start a class action suite, get a few million USD payout and send the customers a check for 1 USD. But to get the check you need to provide PI which will be sold to data brokers.

Nothing like looking out for the little guy.

What really should happen:

1. CEO is jailed

2. Cpt 11 not allowed

3. Company is fined 10% of their yearly revenue for the next 20 years, this includes all parent companies and subsidiaries.

4. Customers get real free credit monitoring for 7 years

But we know this will never happen.

Re:

[Skjellifetti2]

What really should happen:

5. Convert the company to a mutual insurance company owned by their policyholders and make the old management pay the fines out of their personal pockets.

standards wont save you

[awwshit]

https://www.hipaajournal.com/h... [hipaajournal.com]

Security is useless when everyone has access. It is not enough to secure the perimeter.

baskets

[groobly]

Everyone decided to put their eggs in the same basket.

CHC employee here

[Anonymous Coward]

CHC employee here, posting anon for obvious reasons...

1) if you've ever visited a doctor in the US, there's a very good chance that some of your info is in there. Sorry, that's just the truth.

2) They're still chafing at REAL security. They'd rather have "easy" (lax) security that doesn't inconvenience anyone rather than real security, which is often inconvenient. It's better than it was, but anything would have been better than it was.

3) This recovery will go on for months but things will be a lot cleaner