Latest news with #ChangeHealthcare
Int'l Business Times
11-06-2025
- Health
- Int'l Business Times
The Silent Cyber Crisis Alarming Global Economies and Why It's Time for Collective Action
The world has found itself dependent on the Internet, which powers everything, from emergency rooms and election systems to global supply chains and banking infrastructure. Cybersecurity is no longer just a technical concern. It's a matter of national resilience and global economic stability. Yet, despite daily headlines about ransomware attacks, phishing campaigns, and infrastructure outages, the world remains dangerously complacent. Individuals, businesses, and governing entities alike often operate under the illusion that the internet 'just works' until it doesn't. When disruptions occur, they aren't just inconvenient. They're deeply consequential. The cyberattacks of 2024 show exactly that. The UnitedHealth's Change Healthcare division cyberattack led to widespread medical delays and a ripple effect on the stock market. A software issue involving CrowdStrike grounded flights and stalled operations across multiple industries. These events exposed a hard truth: the global economy is built on digital infrastructure that is far more fragile than people care to admit. "We live in a world of digital dependence, but not digital preparedness," says Philip Reitinger, President and CEO of the Global Cyber Alliance (GCA). "Cybersecurity is not just a technology issue. It's an economic and well-being issue with global implications." Philip Reitinger Much of the malicious activity that threatens the Internet doesn't make headlines. Attacks happen quietly: automated bots probe systems, stolen credentials circulate on the dark web, and malware using cloud infrastructure launches coordinated attacks. This ongoing digital pollution impacts not only the victims but also the very health and trustworthiness of the Internet itself. To highlight and confront this issue, GCA recently launched the Internet Pollution Index, an initiative to measure and map malicious activity flowing across global networks. The results are sobering. Some organizations, including well-known cloud service providers, unknowingly emit harmful traffic, acting as launchpads for attacks against others. "Cybercrime has become so automated, so widespread, that many networks are both victims and unwitting accomplices," Reitinger explains. "We need more visibility and accountability to break this cycle." The Common Good Cyber initiative (spearheaded by GCA) has long been at the forefront of strengthening cybersecurity worldwide. In March, the group announced a critical effort to establish a joint fund mechanism for nonprofit organizations at the Bridging the Gap event. Together with a growing network of nonprofits, corporate enterprises, and governing entities, GCA is working to safeguard the foundational components of the internet, including routing, domain names, IP address hygiene, and more. These efforts are often behind the scenes but vital. They help small businesses stay afloat, enable civil society groups to operate safely, and protect the digital backbone of democratic institutions. But they face an uphill battle. "There's only so much nonprofits and NGOs can do on their own," says Reitinger. "The hard truth is that cybersecurity for the common good requires much more investment from governing bodies, the private sector, and civil society." The consequences of underinvesting in cybersecurity aren't abstract. They're felt in economic losses, eroded trust, and the disruption of essential services. From hospitals unable to access patient records to small businesses locked out of their systems, the damage is both personal and systemic. In fact, the situation has gotten so severe that the cost of global cybercrime is expected to reach an annual cost of $10.5 trillion by 2025, with the average cost of individual breaches averaging around $4.9 million. However, this is far from simply a problem for organizations as its impact reaches everyday citizens. It was reported that a single data breach leaked the information of over 1.3 million US citizens in 2024, many of whom were none the wiser that their names, social security numbers, and home addresses were being sold to the highest bidder on the dark web. And it's not just about being a target. Some networks are already part of the problem without knowing it. According to GCA's sensor network, malicious traffic emerges from every region, targeting every IPv4 port 24/7. "Every network has a responsibility not just to protect itself but to ensure it's not unintentionally harming others," says Reitinger. "We need active collaboration, not passive protection." GCA's Internet Integrity Program builds on that spirit. By collaborating with key players in Internet infrastructure operations, the program aims to create a practical, scalable blueprint for better security across borders. Global Cyber Alliance Cybersecurity cannot be treated as an afterthought or a private burden. It is a cornerstone of economic growth, public trust, and national security. And as cyber threats grow more sophisticated, the only viable path forward is one built on collective responsibility and sustained collaboration. That includes empowering the nonprofits doing the essential, and often invisible, work of defending the Internet. Collaboration means governing bodies recognizing their role not just in protecting their own infrastructure, but in supporting the public interest across the broader ecosystem. And collaboration means acknowledging that when it comes to cyber risk, everyone is in this together. In the end, Reitinger concludes, "The internet we created belongs to all of us. And if we want to keep it safe, accessible, and reliable, then we all have a role to play in protecting it."
Yahoo
08-06-2025
- Health
- Yahoo
Why Healthcare Gets Hit Hardest With Cyberattacks
Our health data is some of the most confidential information we have, and the systems that most healthcare companies use to protect it from cybercrooks are somewhat sickly. Thanks to a toxic mix of aging hardware, outdated software and shoestring operating budgets, they're increasingly susceptible to cybercriminals who are not only lured by a gold mine of data but also armed with state-of-the-art hacking tools, experts told The Daily Upside, leading to some of the largest data breaches in history. And the risks extend far beyond lost data and eye-popping ransom payments. 'There's really a direct danger to patient care and life,' says Rob Hughes, chief information security officer at security firm RSA. 'That's as serious as you can get. It's a different type of pressure.' READ ALSO: NBA Finals Kick Off With an Old (Footwear) Friend and Tariffs Deliver Record Drop in US Trade Deficit Statistics back him up: Last year was a landmark for healthcare data breaches. According to HIPAA Journal, there were 14 attacks involving the records of 1 million or more patients in 2024, exposing the records of more than 237 million individuals altogether. The biggest healthcare breach in history occurred only two months into the year, when ransomware attackers stole the data of 190 million people from Change Healthcare in February. 'There are a lot of vulnerabilities that healthcare organizations don't even realize they have,' said Alpesh Shah, vice president of security strategic alliance at Myriad360. 'Every individual who is touching a smart device is vulnerable to bring some sort of threat to the organization.' The technological advances that have revolutionized healthcare over the past 50 years have simultaneously ramped up cybersecurity risks exponentially. The amount of personal information collected at healthcare facilities is mountainous, with every machine collecting bits of data on patient health at a constant rate. Many of the technologically complex devices used daily or even hourly are operating on outdated software, Hughes said, a combination that leaves medical centers riddled with vulnerabilities. For instance? A big MRI machine that still makes a nice MRI image but runs 'an old version of Windows that can't accept patches anymore,' he said. Exacerbating the problem are security measures that often involve a patchwork of systems inexpertly quilted together, said Gary Salman, CEO of Black Talon Security. Healthcare organizations often use security solutions from multiple vendors, which can lead to a lack of standardization or centralization, he said. While this puts them in a 'feel-good position,' the mishmash of products may not always cover the ground that it should while creating both unnecessary complexity and a glut of data. 'How do you triangulate all of this, especially in medium- and large-size healthcare organizations?' he asked. At a more strategic level, few shareholders and healthcare practitioners prioritize cybersecurity budgets, focusing instead on delivering patient care. Smaller regional and rural healthcare facilities are often living below the 'cybersecurity poverty line,' he said. 'Security is going to come second.' Plus, talented cybersecurity professionals have become increasingly sought after and expensive. And because of healthcare's limited budgets for technology, it doesn't always get the best cybersecurity talent, said Shankar Somasundaram, founder and CEO of Asimily. 'Healthcare may not always be able to pay the same amount,' said Somasundaram. 'Strong talent would go to another vertical, where they're getting paid more.' While formidable to healthcare executives, the tangled web of cybersecurity challenges merely sweetens the pot for hackers who, according to Salman, view healthcare data as a 'pot of gold.' The information is highly sensitive, incredibly personal and usually deeply detailed. Plus, organizations are collecting massive amounts at a constant rate, he said. 'Any size healthcare organization that has anywhere from thousands to millions of patient records – the risk is high,' Salman said. Selling such data to brokers through underground channels is also far more lucrative than pushing other types of data, Somasundaram added. When hackers sell credit card information, 'they have to collect 50 credit cards to make a single dollar,' he said. 'They can sell a healthcare record for tens of dollars each.' Because of the sensitivity of health data – and the fact that these records generally can't be wiped or changed the way a credit card or phone number can – healthcare organizations will often pay up when hit with ransomware attacks, said Salman. 'Imagine having a human being's complete demographic profile. That data could be sold to pharmaceutical companies,' said Shah. 'Thieves will go where the money is. And data is the new money.' Data loss is only the beginning of the problem, added Hughes. Cyberattacks can completely shut down healthcare facilities, forcing patients to seek care elsewhere, he said. In extreme cases, cyberattacks on healthcare organizations have been linked to fatalities, such as the 2019 attack on a hospital in Alabama that led to the death of a newborn. 'There is a state of mind that hackers are moral,' said Itay Glick, director of product at security firm OPSWAT. 'We need to understand that not all the attack groups share the same ethical standards that we think they should.' Despite the growing risks, healthcare organizations all too often simply react to attacks rather than working to prevent them, said Salman. Along with putting patients at risk, the strategy ends up costing organizations a far larger sum than they would have paid to establish adequate cyber defenses. While change often happens slowly, there are a variety of steps healthcare organizations can take to make themselves less attractive targets. Some are simpler, such as consistent security patching, strengthening credentials and providing cybersecurity education to staff, said Hughes. Vulnerability and penetration-testing can also help organizations identify their biggest pitfalls, said Glick. Backup Plan: Backing up data, meanwhile, is vital for healthcare organizations, Glick added. Since a major part of ransomware attacks is 'winning your data back,' having a backup stored can allow an organization to quickly recover, he said. The most important fix, however, is making cybersecurity a priority, especially among leadership and stakeholders. Change and awareness have to come from the top, said Somasundaram. Rather than viewing cybersecurity as an additional cost, corporate decision-makers should treat it as a vital necessity. 'In any industry which prides itself on patient outcomes and patient wellness and improvement, they see cybersecurity as a cost, not an outcome-based thing,' Somasundaram said. 'But if they could see the tie between cybersecurity and patient impact or lives, then I do believe they'd invest.' This post first appeared on The Daily Upside. To receive delivering razor sharp analysis and perspective on all things finance, economics, and markets, subscribe to our free The Daily Upside newsletter.
New York Post
21-05-2025
- Business
- New York Post
Report that UnitedHealth secretly paid nursing homes to cut hospital transfers sees stock plunge
UnitedHealth shares fell more than 4% on Wednesday after the UK's Guardian newspaper reported that the company made secret payments to nursing homes to reduce hospital transfers, adding to the woes of the healthcare conglomerate. The alleged action, part of a series of cost-cutting tactics, has saved the company millions, but at times risked residents' health, the Guardian reported, citing an investigation. The allegations add to the litany of negatives that have hurt UnitedHealth in the last several months, following a massive cyberattack at its Change Healthcare unit, reports of criminal and civil investigations into the company's practices, including one for Medicare fraud and the abrupt departure of CEO Andrew Witty last week. Advertisement UnitedHealth reportedly made secret payments to nursing homes to reduce hospital transfers, adding to the healthcare conglomerate's woes. AP Shares have stumbled all year, losing more than 39%, compared with a 0.6% decrease for the Dow. UnitedHealth said in response that 'the U.S. Department of Justice investigated these allegations, interviewed witnesses, and obtained thousands of documents that demonstrated the significant factual inaccuracies in the allegations.' The company also said in an emailed statement that the DOJ declined to pursue the matter after reviewing all the evidence during its multiyear investigation. Advertisement Reuters has not independently verified the article's allegations. 'The news is only seemingly getting worse for UnitedHealth,' said Sahak Manuelian, managing director, global equity trading at Wedbush. 'This is kind of a tough situation for investors to come in and have any kind of confidence in putting money to work, so we'll have to kind of wait and see how this plays itself out, unfortunately,' Manuelian said. Advertisement Stephen Hemsley returned as UnitedHealth CEO last week. AP Separately, HSBC downgraded the stock to 'reduce' from 'hold,' and cut the price target to a street-low of $270. The brokerage said higher medical costs, pressure on drug pricing and its pharmacy benefit management unit, OptumRx, and a potential Medicaid funding cut can upset the company's recovery journey. The company is now counting on the experience of Stephen Hemsley, who returned as CEO to steer it through the current crisis. Advertisement 'We believe Hemsley has the experience and leadership attributes that the company needs to restore credibility and right the ship,' said James Harlow, senior vice president at Novare Capital Management.
Al Jazeera
21-05-2025
- Business
- Al Jazeera
Unitedhealth paid nursing homes to reduce hospital transfers, report
UnitedHealth has allegedly secretly paid nursing homes to reduce hospital transfers — the latest accusations in a series of woes facing the health insurance giant. The alleged action, first reported by The Guardian newspaper on Wednesday, was part of a series of cost-cutting tactics that have saved the company millions, but at times, risked residents' health, the publication showed, citing an investigation. The story, which cites thousands of documents and firsthand accounts of more than 20 former employees of the healthcare company and nursing homes, says that the insurance giant sent its own medical teams to nursing homes to push the cost-cutting measures. As a result, patients who urgently needed medical care did not receive it, including one person who now lives with permanent brain damage after a delayed transfer. The allegations add to the litany of negatives that have hurt UnitedHealth in the last several months, following a massive cyberattack at its Change Healthcare unit, reports of criminal and civil investigations into the company's practices, including one for Medicare fraud and the abrupt departure of CEO Andrew Witty last week. UnitedHealth said in response to the story, 'The US Department of Justice investigated these allegations, interviewed witnesses, and obtained thousands of documents that demonstrated the significant factual inaccuracies in the allegations.' The company also said that the DOJ 'declined to pursue the matter'. Shares have stumbled all year, losing more than 39 percent compared with a 0.6 percent decrease for the Dow. As of noon ET (16:00 GMT), the stock is down more than 3.6 percent. 'The news is only seemingly getting worse for UnitedHealth,' said Sahak Manuelian, managing director, global equity trading at Wedbush Securities. HSBC downgraded the stock to 'reduce' from 'hold,' and cut the price target to a street-low of $270. The brokerage said higher medical costs, pressure on drug pricing and its pharmacy benefit management unit, OptumRx, and a potential Medicaid funding cut can upset the company's recovery journey.
Daily Mail
17-05-2025
- Health
- Daily Mail
Over 276 million Americans affected by medical data breaches
A staggering 276 million patient records were compromised in 2024, experts have revealed. It suggests eight in 10 Americans had some form of medical data stolen last year. The biggest hack in 2024 was also one the largest healthcare data breaches in US history, impacting 190 million patients linked to Change Healthcare. Now, researchers at the cyber watchdog Check Point are warning of a newly uncovered healthcare cyberattack that could expose even more sensitive information than the previous year. According to the team, cybercriminals are impersonating practicing doctors to trick patients into revealing Social Security numbers, medical histories, insurance details, and other personal data. The phishing campaign has been active since March 20, and researchers estimate that 95 percent of its targets are in the US. 'In some versions of these phishing emails, cybercriminals deploy images of real, practicing doctors but pair them with fake names,' the Check Point team reported. The emails instruct recipients to contact a listed healthcare provider using a specific phone number—part of the scam. Researchers noted that Zocdoc has become a key tool in the attackers' arsenal, as it allows them to use images of real doctors while disguising their identities with fake credentials. The Check Point team noted that the data compromised in 2024 amounted to roughly 758,000 records every single day. 'Victims of medical identity theft will spend an average of 210 hours and $2,500 out-of-pocket to reclaim their identities and resolve the fallout,' the researchers said. In one case, cybercriminals created a fake profile on Zocdoc using a real doctor's image but a fake name and sent a fake pre-appointment message, booking confirmation, and additional instructions. To safeguard patients' private information and finances, healthcare organizations are urged to install advanced phishing filters, conduct regular employee cybersecurity training and mock drills, and ensure their IT teams are equipped to respond to threats quickly. In March 2025, Yale New Haven Health experienced a data breach affecting approximately 5.5 million individuals. Hackers copied the data on the day it was discovered, indicating a likely ransomware attack and exposing the fragility of the U.S. healthcare system. These breaches highlight systemic failures in the cybersecurity infrastructure of the healthcare sector. Many organizations still rely on outdated systems that lack modern security protocols, making them easy targets for cybercriminals. A recent study revealed that some medical devices—unlike smartphones or laptops—lack basic security safeguards, making them a significant entry point for hackers. By compromising devices like MRI machines, cybercriminals can gain access to entire networks and connected systems, creating widespread vulnerabilities. The financial repercussions of these breaches are staggering. UnitedHealth Group estimated the cost of the Change Healthcare breach at approximately $2.5 billion, covering response efforts, system rebuilds, and support for affected providers. 'The company has restored most of the affected Change Healthcare services while continuing to provide financial assistance to remaining healthcare providers in need,' UnitedHealth Group stated. Beyond financial damage, the cyberattack also caused severe operational disruption. For instance, delays in processing insurance claims forced some patients to pay out of pocket for medications and services. Smaller healthcare providers faced devastating revenue losses, threatening their survival. In response to the rising threat, a new set of Health Insurance Portability and Accountability Act (HIPAA) regulations was proposed in January 2025. The goal is to enhance the protection of medical records through stronger data encryption and stricter compliance checks. The proposed rule is expected to cost $9 billion in the first year and $6 billion annually over the next four years. Patients affected by data breaches are urged to monitor their financial accounts, request credit reports, and consider placing fraud alerts. 'Patients are encouraged to review statements from their healthcare providers and report any inaccuracies immediately,' said Yale New Haven Health. The exposure of 276 million patient records underscores the urgent need to reinforce cybersecurity in healthcare. As threats continue to evolve, it's critical for healthcare organizations to implement modern safeguards and conduct regular audits to stay ahead of attackers and protect sensitive patient data. Want more stories like this from the Daily Mail? Hit the follow button above for more of the news you need.
