Back To Resource Center

Published: April 19, 2024

Security 3-2-1 Week of 4/19/2024

By Annie articles

3 Interesting Articles

UnitedHealth: Change Healthcare cyberattack caused $872 million loss
Bleeping Computer: UnitedHealth Group faced a significant financial hit due to a ransomware attack on its subsidiary, Change Healthcare, impacting its Q1 earnings by $872 million from a total of $7.9 billion. This loss included $593 million in direct response costs and $279 million from business disruptions, with an additional $800 million reserved for potential claims issues related to the cyberattack. Despite these setbacks, UnitedHealth reported a growth in first-quarter revenues to $99.8 billion, an increase of nearly $8 billion from the previous year. The company anticipates a full-year earnings impact of $1.15 to $1.35 per share. The February cyberattack disrupted billing and claims services across U.S. healthcare providers, leading to a $22 million ransom theft in a double-extortion scheme. Recently, the RansomHub gang began leaking sensitive data, threatening further leaks unless another ransom is paid, intensifying ongoing challenges for UnitedHealth as it navigates recovery and secures its systems.

Criminal exploits of Scattered Spider earn respect of Russian ransomware hackers
CBS News: In a striking evolution of cybercrime, young hackers from the U.S., U.K., and Canada have teamed up with Russian ransomware groups, escalating attacks on diverse sectors including hospitals, tech firms, and Las Vegas casinos. This global menace, emphasized by the FBI as an “enormous problem,” results in estimated losses surpassing $1 billion annually. The group known as Scattered Spider, also recognized under various aliases, has become infamous for their social engineering prowess, blending Western cultural fluency with sophisticated cyberattack strategies. Their partnership with the notorious Russian ransomware gang, BlackCat, signifies a troubling collaboration enhancing their ability to execute impactful ransomware attacks. Notably, the September 2023 attack on MGM Resorts inflicted over $100 million in damages, highlighting the hackers’ advanced methods and the substantial financial and operational toll on victims. This alliance between Western hackers and Russian ransomware gangs underlines the escalating challenge of cybercrime, outpacing defense mechanisms and necessitating more robust cybersecurity measures and international cooperation to combat these evolving threats.

Secret Rift Over Data Center Fueled Push to Expand Reach of Surveillance Program
NYTimes ($): A recent amendment added to a bill extending Section 702, a wiretapping law, has stirred controversy and privacy concerns. The amendment broadens the definition of service providers required to participate in a warrantless surveillance program, potentially including data centers which a 2022 court ruling deemed outside the legal scope of “electronic communications service providers.” Privacy advocates fear the vague language could enable widespread conscription of individuals with access to electronic communications equipment into spying roles. This has led to debates on Capitol Hill, with proponents arguing it’s a necessary update reflective of modern internet infrastructure, while critics, including Senator Ron Wyden, warn it could lead to excessive surveillance overreach impacting Americans’ rights. The amendment, having passed the House, now faces scrutiny in the Senate amidst urgent calls to narrow its scope.

2 Stats You Should Know

The average U.S. cybersecurity job pays $147,138 annually, compared to the average U.S. salary of $59,384 as of the fourth quarter of 2023. (source)

Since March 2023, Meta has blocked over 1,000 unique ChatGPT-themed web addresses designed to deliver malicious software to users’ devices. (source)

1 More Thing

source

 

Our large and diverse network of experts is here to help...

Charles M.

Principal

Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.

Ellen K.

GRC Expert

Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.

Zachary C.

Founder and CRO

Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.