Your Top Five Cyber Risks in Five Clicks with the Free Cyber Risk Analysis

FREE RISK ANALYSIS
Request Demo

Critical Infrastructure, Healthcare, News Coverage

Uncle Sam Intervenes as Change Healthcare Ransomware Fiasco Creates Mayhem

down-arrow

The US government has stepped in to help hospitals and other healthcare providers affected by the Change Healthcare ransomware infection, offering more relaxed Medicare rules and urging advanced funding to providers.

Change, a UnitedHealth Group-owned IT services firm, provides software to more than 70,000 American pharmacies and healthcare organizations so they can electronically process insurance claims and fill prescription orders.

Many of Change’s customers have reported disruptions and severe cash flow issues following the February 21 cyber attack.

On Tuesday, the Department of Health and Human Services (HHS) intervened to assist the healthcare industry and ensure that medical facilities can continue to provide patient care.

"Numerous hospitals, doctors, pharmacies and other stakeholders have highlighted potential cash flow concerns to HHS stemming from an inability to submit claims and receive payments," the department explained in a statement. "HHS has heard these concerns and is taking direct action and working to support the important needs of the healthcare community."

This includes allowing Medicare providers to change clearing houses they use for claims processed during the outage via an expedited process.

The Feds are also "encouraging" Medicare Advantage organizations to offer advance funding to providers more severely affected by the cyber attack. These are the private companies – like UnitedHealthcare and Humana – that Medicare pays to cover individuals' benefits.

Additionally, the government "strongly encourages" Medicaid and Children's Health Insurance Program managed-care plans to either relax or remove prior authorization requirements and offer advance funding to providers.

On top of that, Medicare Administrative Contractors are required to accept paper claims from providers while their electronic billing systems remain down.

"This incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cyber security resiliency across the ecosystem," HHS noted, and directed medical providers to its December concept paper [PDF] that outlines a cyber security strategy for the sector.

A month later, the Feds issued new voluntary cyber security performance goals for hospitals and other healthcare organizations – which some infosec experts predict probably won't be "voluntary" for very long.

'They're really in the hurt locker'

The government stepping in to assist pharmacies and medical providers "is huge," Padraic O'Reilly, co-founder and Chief Innovation Officer of cyber risk firm CyberSaint, told The Register.

"The smaller practices are really suffering – they're really in the hurt locker," he added. "It's such a supply chain issue, and it really reaches into the entire infrastructure around healthcare payments, which is really quite scary. It's really high risk to have half the transactions running through one provider."

Compared with other critical infrastructure sectors, "healthcare [cyber security] historically tends to lag because they don't always have the mandate from above that other sectors do," O'Reilly explained.

Considering HHS's voluntary goals, plus the Biden administration's focus on improving cyber security – especially across the critical infrastructure sectors – "I wouldn't be surprised at all if HHS, on the heels of this, makes more stringent requirements, tying it to Medicare, Medicaid," he opined. "It's a carrot-and-stick type scenario."

More ALPHV drama

Meanwhile, drama continues to play out in the orbit of ALPHV/BlackCat, the ransomware gang responsible for the attack on Change Healthcare.

After receiving more than $22 million in Bitcoin – in what may or may not have been a ransomware payment – the criminal group reportedly stole the money from its affiliate crew that attacked the healthcare IT provider.

Shortly after, the ALPHV website disappeared, and was replaced by a banner declaring it had been seized by international law enforcement including the FBI and the UK's National Crime Agency (NCA).

This appears to be an exit scam – allowing the crooks to take the money and run, while buying time to regroup and possibly resurface under a different brand now that it's burned some of its affiliates.

The FBI declined to comment, but a National Crime Agency spokesperson told The Register "any recent disruption to ALPHV infrastructure is not a result of NCA activity."

The consensus among threat intel folks on social media seems to be "exit scam," with some noting the shady source code on the new takedown notice.

Infosec analyst and security researcher Dominic Alvieri told The Register it's an exit scam, while self-described “slayer of ransomware” Fabian Wosar called it "a poor attempt by ALPHV/BlackCat to hide their exit scam. Don't fall for it."

Originally posted on The Register. 

You may also like

CyberSaint Recognized in ...
on October 28, 2024

BOSTON— (BUSINESSWIRE)— CyberSaint, a leader in cyber risk management, was recognized in Gartner’s Innovation Insight: Cyber GRC Streamlines Governance report as a Representative ...

CyberSaint Recognized in 2024 ...
on August 21, 2024

BOSTON--(BUSINESS WIRE)--CyberSaint, a leader in cyber risk management, was recognized in the 2024 Gartner Hype Cycle™ for Cyber Risk Management as a Sample Vendor for Cyber ...

STRONGER 2024 Conference ...
on July 31, 2024

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, today announced that attendee registration is now open for its annual STRONGER conference; the ...

CyberSaint Enables Customers to ...
on July 29, 2024

In today’s fast-paced business environment, CISOs must navigate the constant daily flood of data while prioritizing risk buy-down in the areas most likely to affect their ...

Jerry Layden
CyberSaint Launches NIST CSF ...
on May 8, 2024

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, announced today the release of the NIST Cybersecurity Framework (CSF) Benchmarking Feature, which allows ...

CyberSaint Announces $21M in ...
on March 20, 2024

Boston, MA – March 20th, 2024 – CyberSaint, the leader in cyber risk management, today announced the company has raised $21M in Series A funding led by Riverside Acceleration ...