3 Interesting Articles

Cyberattack Paralyzes the Largest U.S. Health Care Payment System
NY Times ($): A cyberattack on Change Healthcare, part of UnitedHealth Group, has severely impacted the U.S. medical billing and payment system, leaving many healthcare providers from large networks to small clinics struggling financially. This disruption has hindered their ability to process insurance payments for services, causing significant cash flow issues. The U.S. Health and Human Services Department is attempting to mitigate the financial strain by allowing Medicare reimbursements and urging insurers to waive authorization rules. However, the healthcare industry criticizes these measures as insufficient. The situation has exposed the vulnerability of consolidating healthcare data under large corporations like UnitedHealth Group. Despite a suspected ransom payment to the attackers, the full restoration of services remains uncertain, stressing the healthcare system’s fragility and raising concerns about patient care continuity.

BlackCat Goes Dark After Ripping Off Change Healthcare Ransom
Dark Reading: United Healthcare’s subsidiary, Change Healthcare, supposedly paid a $22 million ransom to the BlackCat/ALPHV ransomware group, but the resolution remains elusive. Allegations surfaced on the Dark Web accusing BlackCat administrators of seizing the ransom for themselves, betraying their affiliates. One affiliate claims to still hold 4TB of sensitive data from Change partners, threatening its release unless compensated. Amidst rumors of an exit scam, BlackCat has taken dramatic steps like shuttering its leak site and selling its ransomware-as-a-service source code, suggesting a potential disbandment or rebranding. Speculations arise about the reasons behind BlackCat’s actions, including possible influences from the Bitcoin market or Russian involvement in Ukraine. Experts believe these developments could destabilize BlackCat’s operations, emphasizing the importance of trust within the cybercriminal community. Change Healthcare has remained focused on investigating the breach.

CISA: No credible election threats, and no contact with social media companies
CyberScoop: In the lead-up to Super Tuesday earlier this week, officials from CISA noted a lack of serious meddling attempts in election infrastructure and highlighted a significant shift in their approach to handling disinformation. Unlike in previous elections, CISA has ceased direct communications and coordination with social media companies on election security, aligning with broader government pullback due to recent legal challenges questioning the constitutionality of such interactions. Recent court rulings suggest that government engagements with social media on disinformation may violate the First Amendment, prompting a cautious stance among federal agencies and creating uncertainty about their role in combating election interference. This change has raised concerns about shifting the burden of monitoring disinformation to under-resourced state and local officials. Meanwhile, proposed legislation aims to further limit federal agencies’ ability to address disinformation, potentially complicating efforts to provide the public with accurate information and protect elections. Despite these challenges, experts believe federal agencies can still support state and local officials through technical analysis and tools to detect manipulated content, suggesting a potential role for nonprofits in this space.

2 Stats You Should Know

75% of organizations suffered at least one ransomware attack last year. (source)

Only 30% of CISOs feel they receive sufficient support from their CEO. (source)

1 More Thing

Daily routine of SOC Analyst (source)