On Feb. 21, 2024, Change Healthcare, a subsidiary of UnitedHealth Group (UHG) and one of the largest platforms for managing health insurance billing and payments in the United States, suffered a large-scale cyberattack. This attack forced the company to shut down over 100 services across its system for multiple weeks, affecting millions of health care providers and patients nationwide. Due to its size, cybersecurity experts have deemed the incident one of the most disruptive attacks in history, demonstrating the damaging impact cyber incidents can have on the health care sector. This article provides more information on the Change Healthcare cyberattack and offers guidance to help organizations prevent similar incidents.

“We continue to make significant progress in restoring the services impacted by this cyberattack. We know this has been an enormous challenge for health care providers and we encourage any in need to contact us.” - Andrew Witty, UHG CEO


The attack began when BlackCat (also known as ALPHV), a sophisticated cybercriminal group responsible for executing several major data breaches, infiltrated Change Healthcare’s systems.

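Although it is currently unclear how BlackCat gained unauthorized access, cybersecurity experts speculate that it may have been through Remote Desktop Protocol (RDP), brute-force techniques or application vulnerabilities. From there, the cybercriminal group deployed ransomware to render a variety of sensitive data and essential operations across Change Healthcare’s system unavailable. BlackCat then demanded a large payment from the company in exchange for restoration.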

In response to the attack, Change Healthcare immediately disconnected more than 111 of its services to prevent further damage and contacted law enforcement for additional remediation assistance. From Feb. 21-28, the company’s services remained down, ultimately leaving doctors and hospitals unable to pay bills, manage and issue prescriptions for medical procedures; preventing pharmacies from filling prescriptions; and restricting patients from making health insurance claims and receiving prescribed medications. According to digital health risk assurance firm First Health Advisory, this downtime could cost health care providers up to $100 million per day.

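During this time, several health care organizations, such as the American Hospital Association and the Medical Group Management Association, released public statements emphasizing the severity of the cyberattack and urging the U.S. government to get involved in mitigation efforts. Shortly after, BlackCat claimed responsibility for the attack, alleging they had compromised more than 6 megabytes of data on health care providers, insurance plans and patients, including personally identifiable information.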

On March 1, Change Healthcare began to show signs of recovery as the company made temporary funding available to health care providers in its system.

By March 5, the federal government announced its involvement in the remediation process, with the U.S. Department of Health and Human Services outlining a detailed plan for investigating the incident and supporting the health care sector in multiple recovery initiatives. A few days later, Change Healthcare restored services related to prescription claim submissions and payment operations. The company expects to reinstate the remainder of services impacted by the cyberattack during the week of March 18.

Altogether, the attack caused weeks of severe business disruption, financial challenges and health care complications for both Change Healthcare and its stakeholders. Additionally, the company may have compounded its losses from the attack by complying with BlackCat’s ransom demand. Although Change Healthcare has not confirmed this speculation, some cybersecurity experts reported that a recent Bitcoin transaction of $22 million to an account affiliated with BlackCat via the cryptocurrency’s publicly visible blockchain platform proves that the company paid the ransom.


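As ransomware incidents like the Change Healthcare cyberattack become more frequent and costly, it’s important for organizations to take steps to prevent similar losses. Here are some ransomware prevention tips for organizations to consider: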

  • Protect sensitive data. By keeping confidential information secure, organizations can make it more difficult for cybercriminals to access this data and use it against them amid ransomware incidents. This entails choosing secure locations to store critical information, establishing routine data backup protocols and implementing access control policies (e.g., the principle of least privilege and multifactor authentication).
  • Use effective security software. Various security solutions can help defend organizations’ systems against potential ransomware threats. These include antivirus software, patch management programs, endpoint detection and response solutions, and email authentication technology.
  • Prioritize technical procedures. In addition to security solutions, certain technical procedures can help organizations minimize ransomware risks. This may involve setting up RDP protections to limit possible attack avenues, segmenting and isolating different networks to stop the spread of attacks, and prioritizing end-of-life software management to reduce attack exposures from outdated technology.
  • Educate employees. Because employees are widely considered the first line of defense against cyberattacks, they should receive regular education on the latest ransomware threats, detection practices and response methods.
  • Develop a plan. Cyber incident response plans help organizations act swiftly and limit total losses when attacks occur. Organizations should include ransomware attack scenarios in their cyber incident response plans and periodically evaluate these plans through tabletop exercises and penetration testing to ensure their effectiveness.
  • Be cautious with ransom demands. The FBI generally advises against complying with ransom demands, as there is no guarantee that cybercriminals will follow through with their end of the negotiations, which could compound overall losses. Further, organizations that pay ransom demands may be more likely to be targeted in future ransomware attacks, as cybercriminals will remember their past willingness to pay.
  • Purchase adequate insurance. It’s imperative for organizations to secure adequate cyber insurance to maintain financial protection against losses resulting from ransomware attacks. Organizations should consult insurance professionals to discuss specific coverage needs.


