Hackers were inside Change Healthcare’s systems 9 days before attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Cybercriminals who broke into Change Healthcare’s systems and held data for ransom on the dark web likely had access to the company’s network for more than a week prior to any attack. 

According to coverage from the Washington Post, the hackers had access to Change Healthcare’s systems as early as Feb. 12, nine days before the Feb. 21 ransomware incident took place. Citing “a person familiar with the cyber investigation,” the group was reportedly able to use stolen credentials on a remote access application that gives employees entry into Change Healthcare’s network. 

Regardless of how it happened, the data breach disrupted insurance payments across the country, with ripple effects that still persist over two months later. 

Despite paying a $22 million ransom, data stolen from the hack ended up on the dark web when Change Healthcare and parent company UnitedHealth Group failed to pay a second ransom. More concerning, the criminals claimed to have names, addresses, contact information, insurance information and detailed medical histories on nearly every American—all of which are now for sale on the dark web.

In a statement released earlier this week, UnitedHealth seemed to confirm the hackers’ claims, writing that the data taken contained personal health information from “a substantial proportion of people in America,” including high-profile individuals such as politicians and active duty military. However, the company said it has “not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data,” adding that it will take months to identify and notify everyone whose data was compromised.


Click Here For The Original Story From This Source.


National Cyber Security