An Update on How to Secure Your Practice after UnitedHealth Cyber Attack

On February 21, Blackcat, a ransomware group, accessed Change Healthcare’s systems and 6 TB of data. This included medical and dental records, payment information, and patient information from a variety of Change Healthcare partners.

Sentinel, a risk management and benefit solutions company, has offered the following advice:

UNITEDHEALTH CYBERATTACK:
WHAT TO KNOW AND HOW TO PROTECT YOUR PRACTICE

WHO WAS THE TARGET?

The unlucky target was UnitedHealth Group’s Change Healthcare, which is a critical part of the country’s healthcare infrastructure. They coordinate payments, requests for insurers to authorize care, and more. Change Healthcare processes about 50% of medical claims in the U.S. for around 900,000 physicians, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories.

WHEN WAS THE ATTACK?

On February 21, Blackcat, a ransomware group, accessed Change Healthcare’s systems and 6 TB of data. This included medical and dental records, payment information, and patient information from a variety of Change Healthcare partners.

WAS A RANSOM PAID?

Blackcat received $22 Million in Bitcoin on March 1. However, Change Healthcare has not confirmed any payment of a ransom.

WHO WAS AFFECTED?

Any Change Healthcare partners reliant on its systems for payment, claims, processing, etc.

IS CHANGE HEALTHCARE BACK UP AND RUNNING?

Its pharmacy network was 99% restored on March 7 and the electronic payments platform was running as of March 15. Its claims preparation software went back online on March 18.

HOW CAN YOU PROTECT YOURSELF?

  1. Enable Multi-Factor Authentication (MFA)

Most email platforms (Outlook, Gmail, etc.) allow you to adjust your settings to enable MFA at no cost. Additional MFA products are available for enhanced security.

  1. Use Difficult to Guess Passwords

Include uppercase, lowercase, numbers, and characters and update passwords regularly. Consider using phrases versus just words as a password.

  1. Ensure Employees Are Educated on Phishing Scams

To prevent phishing scams from infiltrating your company’s system, it is crucial to educate your employees on how to recognize them. If you need assistance in training your staff, Sentinel offers helpful webinar courses to ensure they are well-equipped to identify and avoid potential threats.

  1. Get In Touch with Sentinel

Our IT Service Provider Partners are experts in the field of cybersecurity and can help you assess your current controls, identify vulnerabilities, and recommend enhancements to improve your cybersecurity readiness. By working with our trusted partners, you can rest assured that your organization’s cybersecurity is in good hands.  Go to sentinelra.com or call 855-490-2528.