The ransomware attack against UnitedHealth Group’s Change Healthcare platform is expected to cost the company up to $2.45 billion, more than a billion dollars more than was previously estimated, Cybersecurity Dive reports. The incident has already cost the firm nearly $2 billion.
The attack occurred in February after a ransomware group gained access to Change Healthcare’s systems. The criminals used stolen credentials to log in to a Citrix portal that did not have multi-factor authentication enabled. They then stole a great deal of healthcare information belonging to customers before triggering the ransomware. The full scope of the data breach isn’t yet known, but UnitedHealth Group’s CEO told Congress it may affect “a substantial proportion of people in America.”
The attack caused weeks-long disruptions at tens of thousands of pharmacies across the United States, which relied on Change Healthcare to process prescription payments. The incident is considered one of the most serious cyber attacks ever to hit the healthcare industry.
UnitedHealth Group's President and CFO John F. Rex said in an earnings call earlier this week, "Of the total in the quarter, $0.64 per share were direct costs incurred in restoring the clearinghouse platform and other response efforts. These included higher medical expenses directly stemming from the temporary pause of some care management activities....The other component affecting our results relates to disruption of the ongoing Change Healthcare business. This largely encompasses the loss of revenues, combined with the cost of keeping these capabilities fully ready to serve.”
The incident highlights the wide-reaching and costly ramifications of failing to follow security protocols. New-school security awareness training can give your organization an essential layer of defense by teaching your employees to follow security best practices.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Cybersecurity Dive has the story.