Blue Diamond Web Services

Your Best Hosting Service Provider!

December 19, 2024

US government urges high-ranking officials to lock down mobile devices following telecom breaches

The U.S. government is urging senior politicians and high-ranking officials to lock down their devices amid the ongoing Chinese breaches of at least eight major telecom providers.

In an advisory on Wednesday, U.S. cybersecurity agency CISA said that “highly-targeted officials,” including those in government, should enable advanced security features, such as Apple’s Lockdown Mode, which limits the functionality of iPhones to limit the phone’s overall attack surface.

The agency also recommends that officials switch to end-to-end encrypted messaging apps, like Signal. This advice comes soon after U.S. officials urged Americans to also use encrypted messaging apps to minimize the risk of having their communications intercepted.

“Encryption is your friend — it makes your data unreadable, even if the adversary were to compromise it,” CISA executive assistant director Jeff Greene said on a call with reporters on Wednesday. 

The agency also recommends the use of phishing-resistant multi-factor authentication and telecom-level account PINs to protect against SIM-swapping attacks. 



December 18, 2024

Tracker firm Hapn spilling names of thousands of GPS tracking customers

GPS tracking firm Hapn is exposing the names of thousands of its customers due to a website bug, TechCrunch has learned.

A security researcher alerted TechCrunch in late November to customer names and affiliations — such as the name of their workplace — spilling from one of Hapn’s servers, which TechCrunch has seen. 

Hapn, formerly known as Spytec, is a tracking company that allows users to remotely monitor the real-time location of internet-enabled tracking devices, which can be attached to vehicles or other equipment. The company also sells GPS trackers to consumers under its Spytec brand, which rely on the Hapn app for tracking. Spytec touts its GPS devices for tracking the locations of valuable possessions and “loved ones.” According to its website, Hapn claims to track more than 460,000 devices and counts customers within the Fortune 500.

The bug allows anyone to log in with a Hapn account to view the exposed data using the developer tools in their web browser.

The exposed data contains information on more than 8,600 GPS trackers, including the IMEI numbers for the SIM cards in each tracker, which uniquely identify each device. The exposed data does not include location data, but thousands of records contain the names and business affiliations of customers who own, or are tracked by, the GPS trackers.

Hapn has not responded to multiple emails from TechCrunch. The customer names remain exposed at the time of writing. 

Several emails to Hapn CEO Joe Besdin went unreturned. A message sent to an email address listed on the company’s privacy policy returned with a bounce error, saying that the email address does not exist. The company does not have a web page or form for reporting security vulnerabilities.

When we contacted individuals whose names and affiliations were listed in the exposed data, several people confirmed their names and workplaces but declined to discuss their use of the GPS tracker. One company listed on Hapn’s website as a corporate customer had several trackers listed in the exposed data, TechCrunch has seen.

The security researcher said they began looking into the GPS tracker after finding that customers had left online reviews for the devices recommending the tracker for monitoring a person’s spouse or partner. (TechCrunch has seen dozens of reviews on Spytec’s online stores from customers who claim to have used the GPS devices to track their spouses.)

The list of exposed customer records also shows thousands of trackers with associated names but no other discernible affiliation. It’s not known if the individuals are aware of having been tracked.



How the ransomware attack at Change Healthcare went down: A timeline

A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history.

Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was stolen by cybercriminals during the cyberattack on Change Healthcare. At least 100 million people are now known to be affected by the breach.

Change Healthcare processes billing and insurance for hundreds of thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector. As such, it collects and stores vast amounts of highly sensitive medical data on patients in the United States. Through a series of mergers and acquisitions, Change became one of the largest processors of U.S. health data, handling between one-third and one-half of all U.S. health transactions.

Here’s what has happened since the ransomware attack began.

February 21, 2024

First report of outages as security incident emerges

It seemed like an ordinary Wednesday afternoon, until it wasn’t. The outage was sudden. On February 21, billing systems at doctors offices and healthcare practices stopped working, and insurance claims stopped processing. The status page on Change Healthcare’s website was flooded with outage notifications affecting every part of its business, and later that day the company confirmed it was “experiencing a network interruption related to a cyber security issue.” Clearly something had gone very wrong.

It turns out that Change Healthcare invoked its security protocols and shut down its entire network to isolate intruders it found in its systems. That meant sudden and widespread outages across the healthcare sector that relies on a handful of companies — like Change Healthcare — to handle healthcare insurance and billing claims for vast swathes of the United States. It was later determined that the hackers initially broke into the company’s systems over a week earlier, on or around February 12.

February 29, 2024

UnitedHealth confirms it was hit by ransomware gang

After initially (and incorrectly) attributing the intrusion to hackers working for a government or nation-state, UnitedHealth later said on February 29 that the cyberattack was in fact the work of a ransomware gang. UnitedHealth said the gang “represented itself to us as ALPHV/BlackCat,” a company spokesperson told TechCrunch at the time. A dark web leak site associated with the ALPHV/BlackCat gang also took credit for the attack, claiming to have stolen millions of Americans’ sensitive health and patient information, giving the first indication of how many individuals this incident had affected.

ALPHV (aka BlackCat) is a known Russian-speaking ransomware-as-a-service gang. Its affiliates — contractors who work for the gang — break into victim networks and deploy malware developed by ALPHV/BlackCat’s leaders, who take a cut of the ransoms that victims pay to get their files back.

Knowing that the breach was caused by a ransomware gang changed the equation of the attack from the kind of hacking that governments do — sometimes to send a message to another government instead of publishing millions of people’s private information — to a breach caused by financially motivated cybercriminals, who are likely to employ an entirely different playbook to get their payday. 

March 3-5, 2024

UnitedHealth pays a ransom of $22 million to hackers, who then disappear

In early March, the ALPHV ransomware gang vanished. The gang’s leak site on the dark web, which weeks earlier took credit for the cyberattack, was replaced with a seizure notice claiming that U.K. and U.S. law enforcement took down the gang’s site. But both the FBI and U.K. authorities denied taking down the ransomware gang as they had attempted months earlier. All signs pointed to ALPHV running off with the ransom and pulling an “exit scam.”

In a posting, the ALPHV affiliate who carried out the hack on Change Healthcare claimed that the ALPHV leadership stole $22 million paid as a ransom and included a link to a single bitcoin transaction on March 3 as proof of their claim. But despite losing their share of the ransom payment, the affiliate said the stolen data is “still with us.” UnitedHealth had paid a ransom to hackers who left the data behind and disappeared.

A fake law enforcement seizure notice posted on BlackCat’s dark web leak site soon after receiving a ransom payment of $22 million. Image Credits: TechCrunch (screenshot)

March 13, 2024

Widespread disruption across U.S. healthcare amid fears of data breach

Meanwhile, weeks into the cyberattack, outages were still ongoing with many unable to get their prescriptions filled or having to pay cash out of pocket. Military health insurance provider TriCare said “all military pharmacies worldwide” were affected as well. 

The American Medical Association was saying there was little information from UnitedHealth and Change Healthcare about the ongoing outages, causing massive disruption that continued to ripple across the healthcare sector.

By March 13, Change Healthcare had received a “safe” copy of the stolen data that it had just days earlier paid $22 million for. This allowed Change to begin the process of poring through the dataset to determine whose information was stolen in the cyberattack, with the aim of notifying as many affected individuals as possible.  

March 28, 2024

U.S. government ups its bounty to $10 million for information leading to ALPHV capture

By late March, the U.S. government said it was upping its bounty for information on key leadership of ALPHV/BlackCat and its affiliates. 

By offering $10 million to anyone who can identify or locate the individuals behind the gang, the U.S. government seemed to hope that one of the gang’s insiders would turn on their former leaders. It also could be seen as the U.S. realizing the threat of having a significant number of Americans’ health information potentially published online. 

April 15, 2024

Contractor forms new ransom gang and publishes some stolen health data

And then there were two — ransoms, that is. By mid-April, the aggrieved affiliate set up a new extortion racket called RansomHub, and since it still had the data that it stole from Change Healthcare, it demanded a second ransom from UnitedHealth. In doing so, RansomHub published a portion of the stolen files containing what appeared to be private and sensitive patient records as proof of their threat. 

Ransomware gangs don’t just encrypt files; they also steal as much data as possible and threaten to publish the files if a ransom isn’t paid. This is known as “double extortion.” In some cases when the victim pays, the ransomware gang can extort the victim again — or, in others, extort the victim’s customers, known as “triple extortion.”

Now that UnitedHealth was willing to pay one ransom, there was a risk that the healthcare giant would be extorted again. It’s why law enforcement have long advocated against paying a ransom that allows criminals to profit from cyberattacks.

April 22, 2024

UnitedHealth says ransomware hackers stole health data on a “substantial proportion of people in America”

For the first time, UnitedHealth confirmed on April 22 — more than two months after the ransomware attack began — that there was a data breach and that it likely affects a “substantial proportion of people in America,” without saying how many millions of people that entails. UnitedHealth also confirmed it paid a ransom for the data but would not say how many ransoms it ultimately paid.

The company said that the stolen data includes highly sensitive information, including medical records and health information, diagnoses, medications, test results, imaging and care and treatment plans, and other personal information.

Given that Change Healthcare handles data on about one-third of everyone living in the United States, the data breach is likely to affect more than 100 million people at least. When reached by TechCrunch, a UnitedHealth spokesperson did not dispute the likely affected number but said that the company’s data review was ongoing. 

May 1, 2024

UnitedHealth Group chief executive testifies that Change wasn’t using basic cybersecurity

Perhaps unsurprisingly when your company has had one of the biggest data breaches in recent history, its chief executive is bound to get called to testify before lawmakers. 

That’s what happened with UnitedHealth Group (UHG) chief executive Andrew Witty, who on Capitol Hill admitted that the hackers broke into Change Healthcare’s systems using a single set password on a user account not protected with multi-factor authentication, a basic security feature that can prevent password reuse attacks by requiring a second code sent to that account holder’s phone. 

One of the biggest data breaches in U.S. history was entirely preventable, was the key message. Witty said that the data breach was likely to affect about one-third of people living in America — in line with the company’s previous estimates that the breach affects around as many people as Change Healthcare processes healthcare claims for.

UnitedHealth CEO Andrew Witty testifies before the Senate Finance committee on Capitol Hill on May 1, 2024, in Washington, D.C. Image Credits: Kent Nishimura / Getty Images

June 20, 2024

UHG starts notifying affected hospitals and medical providers what data was stolen

It took Change Healthcare until June 20 to begin formally notifying affected individuals that their information was stolen, as legally required under a law commonly known as HIPAA, likely delayed in part by the sheer size of the stolen dataset. 

The company published a notice disclosing the data breach and said that it would begin notifying individuals it had identified in the “safe” copy of the stolen data. But Change said it “cannot confirm exactly” what data was stolen about each individual and that the information may vary from person to person. Change says it was posting the notice on its website, as it “may not have sufficient addresses for all affected individuals.”

The incident was so big and complex that the U.S. Department of Health and Human Services stepped in and said that affected healthcare providers, whose patients are ultimately affected by the breach, can ask UnitedHealth to notify affected patients on their behalf, an effort seen as lessening the burden on smaller providers whose finances were hit amid the ongoing outage.

July 29, 2024

Change Healthcare begins notifying known affected individuals by letter

The health tech giant confirmed in late June that it would begin notifying those whose healthcare data was stolen in its ransomware attack on a rolling basis. That process began in late July. 

The letters going out to affected individuals will most likely come from Change Healthcare, if not the specific healthcare provider affected by the hack at Change. The letter confirms what kinds of data were stolen, including medical data and health insurance information, and claims and payment information, which Change said includes financial and banking information.

A spokesperson for UnitedHealth told TechCrunch that the data review was in its “final stages.”

October 24, 2024

UnitedHealth confirms at least 100 million people affected by data breach

It took the health insurance giant more than eight months to announce, but it has now confirmed that the data breach affects more than 100 million individuals. The number of those affected is expected to rise, given some have received data breach notifications as recently as October. The U.S. Department of Health and Human Services reported the updated number on its data breach portal on October 24.

As it stands, the data breach at Change Healthcare is now the largest digital theft of U.S. medical records, and one of the biggest data breaches in living history.

December 16, 2024

New details about Change hack emerge in Nebraska lawsuit

The state of Nebraska filed a lawsuit against Change Healthcare in December, accusing the healthtech giant of security failings that led to the massive breach of at least 100 million people in America. New details about the hack emerged in the state’s complaint, including that the ALPHV hackers initially broke in using the stolen username and password of a “low-level customer support employee,” which wasn’t protected with multi-factor authentication. The state’s complaint also accuses Change Healthcare of having poorly segmented IT systems, which allowed the hackers to travel freely between servers once inside the company’s firewall.

UnitedHealth Group, which owns Change Healthcare, told TechCrunch that the company was still in the “final stages” of notifying individuals affected by the data breach (the same thing it told us in July), suggesting that the number of Americans affected by the data breach will be far higher than the 100 million disclosed so far.



Nebraska sues Change Healthcare over security failings that led to medical data breach of over 100 million Americans

The U.S. state of Nebraska has sued the healthtech giant Change Healthcare over a series of alleged security failings that resulted in a historical data breach exposing the sensitive health information of at least 100 million Americans. 

In a complaint filed this week, Nebraska’s attorney general Mike Hilgers claims UnitedHealth-owned Change Healthcare failed to implement proper security measures, leading to what he describes as a “historic” data breach in terms of impact and magnitude.

This comes after it was revealed in October that more than 100 million Americans had their sensitive medical data stolen during a February ransomware attack on Change Healthcare. This data included personal information such as addresses and phone numbers, health data including diagnoses, medications, treatment plans, and financial and banking data. Change Healthcare continues to notify affected individuals about the data breach, and the final number is expected to be higher than 100 million.

Hilgers said in his complaint that Change Healthcare’s “failures to implement basic security protections” exacerbated the extent of the cyberattack, which was attributed to the Russian-speaking ALPHV ransomware gang. The complaint alleges that the healthtech giant had poorly segmented IT systems that allowed the hackers to travel freely between servers, and that Change Healthcare had failed to implement multi-factor authentication on its systems, which meant they could be accessed with just a username and password.

The complaint also reveals some previously unreported information about the incident, including new details showing that the hackers gained access to Change Healthcare’s network using the username and password of a “low-level customer support employee,” which Hilgers said was posted to a Telegram group known for selling stolen credentials.

With access to this “basic, user-level” account, which did not have administrator access, Hilgers’ complaint alleges that hackers were able to break into the server that hosted Change’s medication management application, SelectRX. From there, the hackers created privileged accounts with administrator capabilities, including the ability to access and delete all files.

“For over nine days, the hacker navigated Change’s systems undetected, creating privileged administrator accounts, installing malware, and exfiltrating terabytes of sensitive data,” the complaint says, adding that the attack was only detected when files were encrypted, locking out the company from its own data.

Hilgers is also suing Change Healthcare over its alleged failure to notify affected individuals about the data breach, which he says impacted at least 575,000 Nebraskans. Hilgers says the state published its own notice alerting residents to the breach because Change Healthcare still had not provided notice to those affected until some five months after the cyberattack.

“As of the date of this complaint, the State of Nebraska believes that Defendants have still failed to provide written notice to many affected Nebraskans of the breach, leaving citizens more vulnerable to exploitation of the sensitive personal financial, health, and identifying information,” the complaint says. 

The Nebraska attorney general is asking a court to order Change Healthcare to pay damages “for the harm caused to Nebraska residents and healthcare providers,” which Hilgers says were forced to deliver care without receiving payment for insurance claims.

The incident also caused widespread operational disruptions, leaving patients without necessary medications and treatments.

UnitedHealth spokesperson Katherine Wojtecki told TechCrunch: “We believe this lawsuit is without merit and we intend to defend ourselves vigorously.” The company reiterated in its statement what it told TechCrunch in July, that Change Healthcare’s review of the stolen data was “in its final stages.”



December 17, 2024

Interpol Says People Aren’t Reporting Online Scams for Fear of Being Called Pigs


The term “pig butchering” has become a catchall and it’s causing victims to keep quiet about crimes.

