UnitedHealth says data of 100 million stolen in Change Healthcare breach

Topic

New Reply

“UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years”

The whole Awful Story at:

https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/

===========================================

A note from a commenter on Bleeping reads, in part:

“They short staffed IT very much also. No surprise their management would skimp on MFA to save money for their obnoxious bonuses (https://www.beckerspayer.com/payer/unitedhealth-groups-5-highest-paid-executives.html , insanity)….due to how the health insurance companies divide up the country to prevent competition in pricing. ”

This is yet another very sad commentary on the state of the US healthcare system and it’s security. You’ll have to read the whole tale. It’s got it all: greed, fear, incompetence and so forth. Just dreadful.

[Moderator edit] trimmed content to avoid copyright risk.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

2 users thanked author for this post.

Steve S., SueW

Reply | Quote

Replies

Indeed. I received a letter from Change Healthcare in September; it was so vague that I had no idea what it was about (plus, I had never heard of Change Healthcare!). After doing some research I learned that the letter was legit, but I had no idea if my data were breached or how/why I received this letter. Mind you, this breach had occurred in February.

It was only last week, when I started my research into whether to stay with my current Part D* in 2025 (Wellcare), that I saw an orange banner at the bottom of its website stating information about this “cyber security incident” and that those impacted would receive a letter. More research: Wellcare’s parent company, Centene, and some of its subsidiaries (including Wellcare), were impacted by this breach.

Thanks a lot, Wellcare or Centene, for not taking the initiative to notify your members about this breach shortly after it occurred. Luckily, I had frozen five credit reporting agencies several years ago, hopefully minimizing any issues.

*Under Original Medicare (in the US), there’s an option to add prescription drug coverage, known as Part D, and this can be changed once per year, between October 15 and December 7.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

In case any of you missed it (I did) , here’s a very telling paragraph from Mr. Kreb’s article as to why data breach fines aren’t higher on healthcare giants:

“Last month, Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.) introduced a bill that would require HHS to develop and enforce a set of tough minimum cybersecurity standards for healthcare providers, health plans, clearinghouses and businesses associates. The measure also would remove the existing cap on fines under the Health Insurance Portability and Accountability Act, which severely limits the financial penalties HHS can issue against providers.”

Yep, there it is. I wonder which lobbyist tossed how much cash into who’s office when THAT got put in?

Just FYI.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote