Nebraska Sues UnitedHealth Unit Over 100 Million Patient Data Breach 16
Nebraska's attorney general has sued Change Healthcare over a massive data breach that exposed sensitive medical information of more than 100 million Americans following a February ransomware attack. The lawsuit alleges the UnitedHealth-owned company failed to implement basic security measures, including multi-factor authentication, allowing hackers to breach its systems using credentials from a customer support employee that were posted on Telegram.
The Russian-speaking ALPHV ransomware group accessed personal health records, financial data and treatment information across Change Healthcare's poorly segmented network, according to the complaint filed by Attorney General Mike Hilgers.
The Russian-speaking ALPHV ransomware group accessed personal health records, financial data and treatment information across Change Healthcare's poorly segmented network, according to the complaint filed by Attorney General Mike Hilgers.
Re: (Score:2)
Re: (Score:2)
Change Health is owned by UnitedHealth - its literally in TFS
Re: (Score:2)
"the UnitedHealth-owned company"
It was in the summary.
It's like asking is it Facebook or Meta.
Re: (Score:2)
Now, now. Let's be fair. this isn't a new level of rushing at all. Sometimes people don't even finish reading the headline before commenting something silly.
Cat has my tongue (Score:4, Interesting)
January 2021, UnitedHealth Group's Optum Insight unit agreed to acquire Change Healthcare in a deal valued at $13 billion
On March 4, 2024, Reuters reported that a bitcoin payment equivalent to nearly USD $22 million had been made to a cryptocurrency wallet "associated with ALPHV". United Health did not comment on the payment, instead stating that the organization was "focused on the investigation and the recovery." On the same day, a Wired reporter stated that the transaction looked "very much like a large ransom payment."
And they say crime doesn't pay.
Re: (Score:2)
The suits and bean counters did the math and saw paying the ransom was the cheapest option.
Re: (Score:2, Troll)
The suits and bean counters did the math and saw paying the ransom was the cheapest option.
Maybe if they spent less time denying necessary healthcare and murdering their customers, they would have better IT security.
LM
Medical field has no idea about infosec. (Score:2)
Were I am we are dealing with two competing vendors, won't name names -- but both are big healthcare names.
The atrocities they keep coming up as design docs scares us at a very deep level -- and we can't do much because the owner of the medical stuff where i am has a gun to our heads "You WILL use this, and you WILL make it work." So, we'll make it work as best we can, while securing everything as best we can.
Never you mind that the infosec holes in the designs we keep gettig are so huge you can drive an a
Asking the real question (Score:4, Insightful)
Did Brian Thompson get his bonus for keeping costs down through laying off IT security personnel?
Re: (Score:2)
100 million? (Score:3)
I'd guess that only a small percentage of those patients were in Nebraska.
So the State gets millions of $ (Score:1)
perhaps the board needs (Score:2)
They should hold the CEO accountable (Score:1)