Unpacking the $22M Ransomware Heist of Change Healthcare


Discover the critical insights from e360’s CISO, Brad Bussie, as he analyzes the $22 million Change Healthcare ransomware attack and its wider implications for the healthcare industry. Learn about the ongoing risks and the crucial steps to enhance your cybersecurity posture.

In Episode eleven of the State of Enterprise IT Security Edition, Brad Bussie, the Chief Information Security Officer of e360, examines a significant ransomware attack on Change Healthcare. He provides a riveting analysis of a staggering $22 million payment and the conflicts it sparked within the cybercriminal community. The incident, which severely disrupted pharmacies and hospital operations across the U.S., offers a stark reminder of the persistent threats in the digital healthcare landscape.

The Change Healthcare ransomware attack not only demanded a whopping $22 million in ransom but also exposed the vulnerabilities of the interconnected healthcare system and the possible domino effect such attacks can have on it.

Bussie provides a candid glimpse into the incident, stating, "the ransomware attack targeted Change Healthcare... it's probably been one of the most disruptive in years." It has led to significant "snags in delivering prescription drugs nationwide," continuing for "ten plus days." The scale and duration of this attack serve as a stark warning of the cyber threats that the healthcare industry faces.

The aftermath of this attack is particularly interesting. Bussie notes the fallout within the hacker community itself, saying, "there's actually been a dispute in the criminal underground on who actually got paid from the hacker group behind this." The internal conflicts among criminals underline the chaotic and unpredictable nature of these groups.

However, the most pressing concern for the industry is not the criminal infighting but the fact that "every ransomware payment that we make, it emboldens the attackers and the groups that are responsible for this." This cycle of funding the attackers leads to a proliferation of similar attacks, with Bussie warning that they are "going to attack other healthcare services that patients depend on in the same or similar ways."

The incident should be a wake-up call for healthcare providers to reassess their cybersecurity strategies. Bussie urges providers, "if you are a listener, please reach out and contact us if you haven't been able to find if you're on that list." Proactivity is crucial in the face of these incidents, and being informed about one's status on threat lists can make a significant difference in preparedness and response.

Key Takeaways:

  • The Change Healthcare ransomware attack has resulted in a substantial payment and significant operational disruption.
  • There's a troubling trend of cybercriminals targeting healthcare providers, spurred by successful large ransom payments.
  • Indications suggest that other affiliated companies might be at risk, underlining the importance of proactive threat intelligence and security measures.

Action Items:

  • Healthcare providers should verify if they're on any threat lists and be vigilant about potential cyber threats.
  • Organizations must not encourage ransom payments, as they fund and embolden cybercriminal operations.
  • Reach out to security professionals, like the team at e360, for support in assessing risks and strengthening cybersecurity measures.

Episode eleven of the "State of Enterprise IT Security" podcast is available now. For more insights into how technology shapes our world, stay tuned to our blog for the latest in enterprise IT security and beyond.

Written By: Brad Bussie