wprss
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114wprss
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114wprss
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114wprss
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114wprss
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114As a dietitian, Vanessa Rissetto’s main goal is to help people stay healthy.
She also knew that there were some roadblocks to achieving that. For example, the Black community deals with pressing health concerns, in addition to a disproportionate lack of access to care. More than 80% of registered dietitians in the U.S. are white, she said.
“As a Black woman, I wanted to bring more diversity to the industry to expand access to more Americans in need of nutrition care,” she told TechCrunch.
The result was her company Culina Health, which she co-founded with fellow dietitian Tamar Samuels in 2020. Today, the company announces a $7.9 million Series A, led by Healthworx, the CVC of the insurance company CareFirst.
Culina Health connects patients and healthcare providers to a network of registered dietitians who can provide virtual care in areas such as chronic disease prevention, wellness, and weight loss.
“Nutrition is vital to longevity and overall health, and it can be very sensitive for many individuals,” Rissetto said. “We come to every patient with personalized solutions rather than a one-size-fits-all approach.”
Culina Health, which already works with insurance companies and Medicare, says at least 70% of the U.S. can currently access its platform. It also says it has served more than 10,000 patients with its Culina Health Method, a methodology used to provide personalized care to patients.
Others in the space include Nourish, Foodsmart, and Berry Street.
“We are attacking the issue as a brand-new challenge, requiring a comprehensive and clinically rigorous approach,” Rissetto said, adding she doesn’t feel many others are doing the same. “We also stand out through our non-judgemental and culturally-affirming care. Individuals seeking nutrition care should be met where they are—not expected to fit a mold.”
Rissetto called the fundraising journey exhilarating, exhausting, and validating. Culina Health met its lead investors through word of mouth and eventually inbound requests.
“Culina’s mission was clear and stood out to investors as something unique in the industry and worth the investment,” she said.
Other investors in the company include Collab Capital, Cake Ventures, and GW Ventures.
The fresh capital will be used to expand and enhance Culina Health’s nutrition counseling. “We will implement new AI platforms to improve care efficiency, lighten our physicians’ burden, and strengthen our leadership team with new key hires,” Rissetto continued.
“With this new funding, the sky is the limit in providing the best possible care for our patients.”
Keep reading the article on Tech Crunch
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history.
Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was stolen by cybercriminals during the cyberattack on Change Healthcare. At least 100 million people are now known to be affected by the breach.
Change Healthcare processes billing and insurance for hundreds of thousands of hospitals, pharmacies and medical practices across the U.S. healthcare sector. As such, it collects and stores vast amounts of highly sensitive medical data on patients in the United States. Through a series of mergers and acquisitions, Change became one of the largest processors of U.S. health data, handling between one-third and one-half of all U.S. health transactions.
Here’s what has happened since the ransomware attack began.
It seemed like an ordinary Wednesday afternoon, until it wasn’t. The outage was sudden. On February 21, billing systems at doctors offices and healthcare practices stopped working, and insurance claims stopped processing. The status page on Change Healthcare’s website was flooded with outage notifications affecting every part of its business, and later that day the company confirmed it was “experiencing a network interruption related to a cyber security issue.” Clearly something had gone very wrong.
It turns out that Change Healthcare invoked its security protocols and shut down its entire network to isolate intruders it found in its systems. That meant sudden and widespread outages across the healthcare sector that relies on a handful of companies — like Change Healthcare — to handle healthcare insurance and billing claims for vast swathes of the United States. It was later determined that the hackers initially broke into the company’s systems over a week earlier, on or around February 12.
After initially (and incorrectly) attributing the intrusion to hackers working for a government or nation-state, UnitedHealth later said on February 29 that the cyberattack was in fact the work of a ransomware gang. UnitedHealth said the gang “represented itself to us as ALPHV/BlackCat,” a company spokesperson told TechCrunch at the time. A dark web leak site associated with the ALPHV/BlackCat gang also took credit for the attack, claiming to have stolen millions of Americans’ sensitive health and patient information, giving the first indication of how many individuals this incident had affected.
ALPHV (aka BlackCat) is a known Russian-speaking ransomware-as-a-service gang. Its affiliates — contractors who work for the gang — break into victim networks and deploy malware developed by ALPHV/BlackCat’s leaders, who take a cut of the profits collected from the ransoms collected from victims to get their files back.
Knowing that the breach was caused by a ransomware gang changed the equation of the attack from the kind of hacking that governments do — sometimes to send a message to another government instead of publishing millions of people’s private information — to a breach caused by financially motivated cybercriminals, who are likely to employ an entirely different playbook to get their payday.
In early March, the ALPHV ransomware gang vanished. The gang’s leak site on the dark web, which weeks earlier took credit for the cyberattack, was replaced with a seizure notice claiming that U.K. and U.S. law enforcement took down the gang’s site. But both the FBI and U.K. authorities denied taking down the ransomware gang as they had attempted months earlier. All signs pointed to ALPHV running off with the ransom and pulling an “exit scam.”
In a posting, the ALPHV affiliate who carried out the hack on Change Healthcare claimed that the ALPHV leadership stole $22 million paid as a ransom and included a link to a single bitcoin transaction on March 3 as proof of their claim. But despite losing their share of the ransom payment, the affiliate said the stolen data is “still with us.” UnitedHealth had paid a ransom to hackers who left the data behind and disappeared.
Meanwhile, weeks into the cyberattack, outages were still ongoing with many unable to get their prescriptions filled or having to pay cash out of pocket. Military health insurance provider TriCare said “all military pharmacies worldwide” were affected as well.
The American Medical Association was saying there was little information from UnitedHealth and Change Healthcare about the ongoing outages, causing massive disruption that continued to ripple across the healthcare sector.
By March 13, Change Healthcare had received a “safe” copy of the stolen data that it had just days earlier paid $22 million for. This allowed Change to begin the process of poring through the dataset to determine whose information was stolen in the cyberattack, with the aim of notifying as many affected individuals as possible.
By late March, the U.S. government said it was upping its bounty for information on key leadership of ALPHV/BlackCat and its affiliates.
By offering $10 million to anyone who can identify or locate the individuals behind the gang, the U.S. government seemed to hope that one of the gang’s insiders would turn on their former leaders. It also could be seen as the U.S. realizing the threat of having a significant number of Americans’ health information potentially published online.
And then there were two — ransoms, that is. By mid-April, the aggrieved affiliate set up a new extortion racket called RansomHub, and since it still had the data that it stole from Change Healthcare, it demanded a second ransom from UnitedHealth. In doing so, RansomHub published a portion of the stolen files containing what appeared to be private and sensitive patient records as proof of their threat.
Ransomware gangs don’t just encrypt files; they also steal as much data as possible and threaten to publish the files if a ransom isn’t paid. This is known as “double extortion.” In some cases when the victim pays, the ransomware gang can extort the victim again — or, in others, extort the victim’s customers, known as “triple extortion.”
Now that UnitedHealth was willing to pay one ransom, there was a risk that the healthcare giant would be extorted again. It’s why law enforcement have long advocated against paying a ransom that allows criminals to profit from cyberattacks.
For the first time, UnitedHealth confirmed on April 22 — more than two months after the ransomware attack began — that there was a data breach and that it likely affects a “substantial proportion of people in America,” without saying how many millions of people that entails. UnitedHealth also confirmed it paid a ransom for the data but would not say how many ransoms it ultimately paid.
The company said that the stolen data includes highly sensitive information, including medical records and health information, diagnoses, medications, test results, imaging and care and treatment plans, and other personal information.
Given that Change Healthcare handles data on about one-third of everyone living in the United States, the data breach is likely to affect more than 100 million people at least. When reached by TechCrunch, a UnitedHealth spokesperson did not dispute the likely affected number but said that the company’s data review was ongoing.
Perhaps unsurprisingly when your company has had one of the biggest data breaches in recent history, its chief executive is bound to get called to testify before lawmakers.
That’s what happened with UnitedHealth Group (UHG) chief executive Andrew Witty, who on Capitol Hill admitted that the hackers broke into Change Healthcare’s systems using a single set password on a user account not protected with multi-factor authentication, a basic security feature that can prevent password reuse attacks by requiring a second code sent to that account holder’s phone.
One of the biggest data breaches in U.S. history was entirely preventable, was the key message. Witty said that the data breach was likely to affect about one-third of people living in America — in line with the company’s previous estimates that the breach affects around as many people that Change Healthcare processes healthcare claims for.
It took Change Healthcare until June 20 to begin formally notifying affected individuals that their information was stolen, as legally required under a law commonly known as HIPAA, likely delayed in part by the sheer size of the stolen dataset.
The company published a notice disclosing the data breach and said that it would begin notifying individuals it had identified in the “safe” copy of the stolen data. But Change said it “cannot confirm exactly” what data was stolen about each individual and that the information may vary from person to person. Change says it was posting the notice on its website, as it “may not have sufficient addresses for all affected individuals.”
The incident was so big and complex that the U.S. Department of Health and Human Services stepped in and said that affected healthcare providers, whose patients are ultimately affected by the breach, can ask UnitedHealth to notify affected patients on their behalf, an effort seen at lessening the burden on smaller providers whose finances were hit amid the ongoing outage.
The health tech giant confirmed in late June that it would begin notifying those whose healthcare data was stolen in its ransomware attack on a rolling basis. That process began in late July.
The letters going out to affected individuals will most likely come from Change Healthcare, if not the specific healthcare provider affected by the hack at Change. The letter confirms what kinds of data was stolen, including medical data and health insurance information, and claims and payment information, which Change said includes financial and banking information.
A spokesperson for UnitedHealth told TechCrunch that the data review was in its “final stages.”
It took the health insurance giant more than eight months to announce, but it has now confirmed that the data breach affects more than 100 million individuals. The number of those affected is expected to rise, given some have received data breach notifications as recently as October. The U.S. Department of Health and Human Services reported the updated number on its data breach portal on October 24.
As it stands, the data breach at Change Healthcare is now the largest digital theft of U.S. medical records, and one of the biggest data breaches in living history.
The state of Nebraska filed a lawsuit against Change Healthcare in December, accusing the healthtech giant of security failings that led to the massive breach of at least 100 million people in America. New details about the hack emerged in the state’s complaint, including that the ALPHV hackers initially broke in using the stolen username and password of a “low-level customer support employee,” which wasn’t protected with multi-factor authentication. The state’s complaint also accuses Change Healthcare of having poorly segmented IT systems, which allowed the hackers to travel freely between servers once inside the company’s firewall.
UnitedHealth Group, which owns Change Healthcare, told TechCrunch that the company was still in the “final stages” of notifying individuals affected by the data breach (the same thing it told us in July), suggesting that the number of Americans affected by the data breach will be far higher than the 100 million disclosed so far.
Keep reading the article on Tech Crunch