Newsletter 05/01/2024

If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal.


The Facts Behind the Change Healthcare Hack Reveal Why We Are Losing the Cyber War

 

As the facts surrounding the ransomware attack on Change Healthcare, the unit of UnitedHealth Group that manages fifty percent of all prescription drugs in this country, become better known, what becomes clear is that executives at Change Healthcare lack the most basic knowledge of the state of cyber security, circa 2024.  Either that, or the executives at Change Healthcare and UnitedHealth have demonstrated a callous disregard for the rights and safety of all their patients, customers, and stockholders.

The Change Healthcare attack was made possible because the hackers had previously stolen credentials, which they used to gain access to Change Healthcare's network.  In a written statement dated May 1, 2024, but released April 29, 2024, UnitedHealth CEO Andrew Witty admitted that:

On February 12, criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops. The portal did not have multi-factor authentication.

And therein lies the gross irresponsibility, bordering on malfeasance, demonstrated by Witty and his management team.  Citrix remote access applications have a long history of known vulnerabilities.  As Yahoo Finance reported April 29, 2024:

It's unclear which specific security flaw at Citrix was exploited by AlphV, but U.S. officials issued multiple warnings about security loopholes in Citrix tools late last year, some of which were being used to breach healthcare groups.

Nor is it yet known whether the appropriate security patches were applied to the as-yet undisclosed Citrix application that was leveraged in the attack.

As citizens and as consumers, we have the right to expect that those in charge of large institutions that serve the public make all efforts to ensure that the information these institutions are entrusted with is made as secure as possible.  It has been known for years that Citrix Remote Desktop applications pose real threats to network security.

Better care should have been taken.  Those responsible for this disaster should be made to pay for their mistakes.  Of course, it is highly unlikely that will ever happen.  Meanwhile, as reported by CNBC, April 30, 2024, over two months after the initial attack, healthcare providers struggle to stay in business as insurance claims still go unpaid.  Meanwhile, as has been widely reported, a second ransomware group claims to have stolen data from Change Healthcare.  In this new crime, information about US military personnel is held for ransom.

The ongoing catastrophe that is the Change Healthcare debacle illustrates why the cyberwar seems like an endless series of skirmishes where individuals and their businesses are callously considered collateral damage.  Real cyber threats are not taken seriously enough.  Simply saying after the fact, "I am deeply, deeply sorry," as Andrew Witty said in Congressional testimony, May 1, 2024, is just not enough.  There must be real consequences for his failures.  Maybe then, the oligarchs that hold the reins of American industries will take their responsibilities more seriously.

As the Chambers Brothers song says, "Time has come today."

 

¯\_(ツ)_/¯
Gerald Reiff