UnitedHealth hack could have far-reaching impact | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

If you do business with CVS Caremark or have a Medicare account, you would be smart to change your credentials sooner rather than later. In the wake of the cyberattack on UnitedHealth Group’s Change Healthcare, CyberScoop reports that both of those may be in the line of fire.

The cybercrime ring behind the Change theft – “notchy” – claims it stole 4 terabytes of data in that hack, including information on “tens of insurance companies and others,” including data from CVS Caremark, Medicare, Loomis, Davis Vision, Health Net, MetLife, and Teachers Health Trust data, and TRICARE.

This may be a revenge move by notchy because it claims it was left out of the $22 million ransom payment UnitedHealth reportedly made to affiliate BlackCat/ALPHV.

You can’t be too careful

Whether notchy follows through on its threat or not, you still can’t be too careful.

“The leakage of such sensitive data not only poses a direct threat to the privacy and security of millions of beneficiaries but also has broader implications for national security,” people who researched the situation for Menlo Security, said.

However, the full determination of what was stolen has yet to be officially made. A spokesperson for CVS Caremark told Cyberscoop that “Change Healthcare has not confirmed whether any member or patient information it holds, including CVS Health and CVS Caremark, was affected by this incident at this time.”  

And United? 

“We’re determined to make this right,” the company posted on its website. “UnitedHealth Group continues to make progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the Change Healthcare services while continuing to expand financial assistance to affected providers.”

Healthcare provider hacks are through the roof

United, CVS, and Medicare may be the ones headlining this story, but they’re far from the only ones. Since the beginning of 2024, the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal details more than 17 million healthcare-related records reported as hacked, stolen, etc.

The five largest of the healthcare providers or health plans hit were:

  • Emergency Medical Services Authority (Oklahoma) with 611,743 individuals affected

  • Group Health Cooperative of South Central Wisconsin, 533,809

  • Otolaryngology Associates, LLC (Indiana), 316,802

  • Aveanna Healthcare (Georgia), 65,482

  • Ezras Choilim Health Center, Inc. (New York), 59,861

Time to clean up your act

It’s crucial to remember that some of the possible impacts are speculative. Investigations are ongoing, and the full extent of the breach may not yet be clear. However, if what the hackers claim is true and they decide to start selling the data, the snowball effect could be great. 

Exposed health information is a prime target for identity theft and related fraud as it contains lots of personally identifiable information (PII). Social Security numbers, birthdays, addresses, emergency contacts, and all the stuff we’ve been filling out on those medical forms could fall into the wrong hands.

Changing your information after the theft won’t prevent its misuse, but revisiting what PII you’ve given your healthcare provider might save your information from being abused in a future incident.

You should also go to the HSS website that has all the recent data breaches and search to see if your healthcare provider has been involved in a breach. If they were, the agency suggests you may want to verify the information in your medical record, and/or ask for that information to be corrected. You can do that by requesting a copy of your of your health information and/or requesting an amendment to your health information.

The original headline of this story suggested CVS Caremark was a victim of a hack. It was not.

(function () {
var customDelay = 10000;
function addScript(src) {
var script = document.createElement(‘script’);
script.async = true;
script.src = src;

// ================================ BouncePilot ================================
setTimeout(function() {
}, customDelay);
// ================================ End BouncePilot ================================

// ================================ Navistone Global ================================
setTimeout(function() {
}, customDelay);
// ================================ End Navistone Global ================================

// ================================ Facebook Pixel ================================
var FACEBOOK_ID = ‘1036069066452108’;

s.parentNode.insertBefore(t,s)}(window, document,’script’,
fbq(‘init’, FACEBOOK_ID);
fbq(‘track’, ‘PageView’);
// ================================ End Facebook Pixel ================================

// ================================ GA4 ================================
var GTAG4_ID = ‘G-460ZBF3W58’;

window.addEventListener(‘DOMContentLoaded’, function() {
var sessionIdCookie = document.cookie.split(‘; ‘).find(function(row) { return row.startsWith(‘CA_SESSION_ID=’) });
var sessionId = sessionIdCookie ? sessionIdCookie.split(‘=’)[1] : null;

var script = document.createElement(‘script’);
script.async = true;
script.src=”” + GTAG4_ID;
window.dataLayer = window.dataLayer || [];
function gtag() {dataLayer.push(arguments);}
gtag(‘js’, new Date());
gtag(‘config’, GTAG4_ID);
gtag(‘event’, ‘page_view’, {
page_type: window.CDPData.page_type,
page_title: document.title,
session_id: sessionId,
page_location: document.URL,
category_id: window.CDPData.category_id,
page_referrer: document.referrer,
collection_type: ‘mp’,
user_agent: window.navigator.userAgent,
device_category: /iPad/.test(navigator.userAgent)?”tablet”:/Mobile|iP(hone|od)|Android|BlackBerry|IEMobile|Silk/.test(navigator.userAgent)?”mobile”:”desktop”,
// ================================ End GA4 ================================

// ================================ Retention ================================
function initRetention() {
!function(){var geq=window.geq=window.geq||[];if(geq.initialize) return;if (geq.invoked){if (window.console && console.error) {console.error(“GE snippet included twice.”);}return;}geq.invoked = true;geq.methods = [“page”, “suppress”, “trackOrder”, “identify”, “addToCart”, “callBack”, “event”];geq.factory = function(method){return function(){var args =;args.unshift(method);geq.push(args);return geq;};};for (var i = 0; i < geq.methods.length; i++) {var key = geq.methods[i];geq[key] = geq.factory(key);}geq.load = function(key){var script = document.createElement("script");script.type = "text/javascript";script.async = true;if (location.href.includes("vge=true")) {script.src = "" + key + "/ge.js?v=" + Math.random();} else {script.src = "" + key + "/ge.js";}var first = document.getElementsByTagName("script")[0];first.parentNode.insertBefore(script, first);};geq.SNIPPET_VERSION = "1.6.1";

setTimeout(initRetention, customDelay);
// ================================ End Retention ================================

// ================================ TikTok Pixel ================================
function initTiktok() {
var tiktokCategories = ['774', '60', '771', '362', '1594'];

if (tiktokCategories.includes(window.CDPData.category_id)) {
!function (w, d, t) {
w.TiktokAnalyticsObject=t;var ttq=w[t]=w[t]||[];ttq.methods=["page","track","identify","instances","debug","on","off","once","ready","alias","group","enableCookie","disableCookie"],ttq.setAndDefer=function(t,e){t[e]=function(){t.push([e].concat(,0)))}};for(var i=0;i<ttq.methods.length;i++)ttq.setAndDefer(ttq,ttq.methods[i]);ttq.instance=function(t){for(var e=ttq._i[t]||[],n=0;n<ttq.methods.length;n++)ttq.setAndDefer(e,ttq.methods[n]);return e},ttq.load=function(e,n){var i="";ttq._i=ttq._i||{},ttq._i[e]=[],ttq._i[e]._u=i,ttq._t=ttq._t||{},ttq._t[e]=+new Date,ttq._o=ttq._o||{},ttq._o[e]=n||{};var o=document.createElement("script");o.type="text/javascript",o.async=!0,o.src=i+"?sdkid="+e+"&lib="+t;var a=document.getElementsByTagName("script")[0];a.parentNode.insertBefore(o,a)};

}(window, document, 'ttq');

window.addEventListener('DOMContentLoaded', function () {
setTimeout(initTiktok, customDelay);
// ================================ End TikTok Pixel ================================


Click Here For The Original Story From This Source.


National Cyber Security