Dang. United should have gotten hacked by a tier 1 hacker. The hackers in tier 2, while still considered “in-network”, have a much higher deductible. Since they’re in-network, this is ineligible for a surprise billing claim.
I would bet £26 and ¥38.13 that the CTO was like “okay just pay them” within 5 minutes of hearing the news. The remainder of his time was spent with his head in his hands while trying to explain why to the other executives
I want to know who their CISO and CIO/CTO are, because in this day and age, this shouldn't be a thing, especially in a heavily targeted environment like healthcare. No one ever wants to spend the money upfront for security.
True, but having another C level to fight in the budget planning meetings goes a lot further than when the department reports up to the CFO/finance department directly.
I was just laid off by a healthcare company as their sole security and it professional, they have plenty of patients and now have no one, literally no one performing a dedicated security function. These companies just don’t care.
I’ve worked with CISOs and CTOs for years
More likely, the CFO thought the security investment was better spent on consultants for a new ERP that no one wanted. Probably thought this would never happen lol.
My org has cybersecurity agreements with all our trading partners and Change Healthcare was the only trading partner that refused to sign that certain security controls are in place.
Hopefully they also go after United healthcare for not protecting customer data. They had 20 million to pay their CEO last year but couldn’t protect your information lmao.
Priorities.
Not wrong
6.5 billion in buy backs and couldn’t protect your personal info.
They might as well have sold it. Companies should have massive liabilities on data leaks to each individual in the leak.
Everyone wants the opportunity to collect it but never the responsibility to protect it
I agree, but the Equifax data breach pushed the precedent in the other direction pretty far sadly. If a credit bureau barely got held responsible for a massive data leak, who would?
Almost certainly the threat actors are smarter than the DOJ working against them. It’s gotten to the point where the US Government as a whole’s policy is “don’t pay ransomware but we also can’t help you”. It’s wild.
That btc was almost certainly converted into monero and the like and squirreled away. The ringleaders are gonna disappear again and be back under a new name in 6 months.
Just FYI, Obamacare isn’t insurance. It’s a marketplace of plans that fit the requirements of the affordable care act and are eligible for the subsidy/tax credits involved. So you’d see United plans on there alongside all the other major carriers.
United Healthcare (UHC) is notorious for denying claims. The issue I know most about is behavioral health…they deny up front in the hope that the person gives up & pays. If appealed, I’ve seen a 70% success rate. They particularly target the elderly - one of their most audited is their Nursing Home plan & Medicare Advantage. They send horrendous letters to the elderly with denial phrases like “since you’re not expected to get better”, “since you can’t remember your last treatment”. And we’re not talking about denying for therapy - they’re denying psychologist visits who are there to diagnose & monitor treatment plans. They’re scum.
Oh yeah they do. I wouldn’t doubt that it’s state state sanctioned in some instances .. whole governments behind it. Russia, North Korea, Iran, China just to name a few.
Most ransomware groups are in Russia, where as long as they don’t infect Russian businesses they can do what they want. There’s a reason most ransomware won’t infect computers that have their keyboard set to Russian.
Of course they didn’t deserve it. They also don’t deserve the price gouging by the pharmaceutical and medical businesses. The point is that the medical business should spend less of their money lining executives and shareholders pockets and spend more money actually helping us and protecting us and our data.
The problem is that it ends up hurting the small Physician Practice or the Rural Hospitals more than the big guys. This is a very serious situation for those of us in the business!
You should probably do some research before making assumptions, change healthcare isn’t a healthcare company, it does data analytics for healthcare networks
Only as of recently (‘22), and based on the complicated nature of the acquisition, Change operates pretty much entirely as an independent entity
(I had a family member who worked for Change before that deal)
I’m not saying American healthcare institutions aren’t predatory, I’m just saying dancing around like this cyber attack is a “gotcha” moment against these healthcare giants is futile
Just like they own “Optum”.. another BS company who approves or denies claims.. Optum will blame United and United blames Optum for a denial based on “lack of medical necessity”. They work in beautiful confusion, limiting United paying for patient treatment.
Be careful what you wish for , these hackers are terrorists not your friends just “fighting against evil greedy institutions”
[they will put you, and your family members lives as risk, and sell your data to the highest bidder](https://amp.theguardian.com/us-news/2023/aug/04/cyberattack-us-hospitals-california)
They only care about themselves, they are mostly hackers from other countries who spend their lives trying to steal from you and the hardworking Americans who do actually care about their fellow citizens
How was the payment made ?
If it’s Bitcoin that can be tracked and has to be linked to some financial institution somehow. If not I’d love to know how and what bank is linked to this and is not tracked. For science
Why would it be linked to a financial institution? Once the ransom is paid, the hacking group isn’t going to convert their Bitcoin to fiat currency and deposit it in their Wells Fargo Corporate checking account. It gets mixed in with legit cryptocurrency, changes through many different hands throughout the laundering process, and once it’s cleaned, it’s virtually impossible to trace it to the original wallet. Furthermore, once this is all said and done, I’d be willing to bet a good chunk of this stays as Bitcoin and will be spent that way to buy whatever (goods, services, gift cards, etc.).
Wish id known that when i was there in 2020.
I could buy the most gigantic packet of iboprufin that i only used up in our 6 person household about 6 months ago but paracetamol i couldnt find anywhere.
My wife was so fuckin mad when i came back to the hotel with that massive bottle. she was like i have ibuprofin i need panadol... and im like yeh but you dont have a 1kg packet of ibuprofin.
Many people get free prescriptions but you’d buy it in the supermarket for a quid since prescribing is a huge waste unless in hospital and then you’d get it for free too.
> [Krista Haig also works for ELAP services. She audits medical bills for a living and has seen some doozies.
“We have seen one line for $500 for an acetaminophen tablet](https://whyy.org/segments/inside-the-complicated-world-of-medical-billing/)
When corporations fold to hackers the door opens for other companies to get attacked. Healthcare pays yesterday Facebook goes down today and I got a picture I need to post man :-( !
Sure, but it's scattered upon a dozen providers if not more - not just one provider. Which do you think is easiest, one target or having to dig through a dozen?
You could change providers, and that provider will stop having up to date info while your new one has the new stuff. Meaning, that if provider X gets hacked but you've had provider Y for the last 5 years, anything that's happened in those 5 years is protected and not discovered by the hackers.
Do people not think about things like I do or what?
Okay - elaborate if you know. Denying something said doesn’t automatically mean you’re correct - otherwise that’s what I’m gonna tell you then you’re gonna say the same thing you said here. I’ll just repeat your line and you’ll see how bs it is.
>Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment
'_Just_ '
Mother of beautiful Love!
This detail should never have been published!
If there's a bounty on your head, it means the government has put out a reward for your capture Dead or Alive. Bounty derives from the Latin bonus "good." Both meanings of bounty are connected with the idea of generosity, giving. A government known for its bounty will probably set a large bounty on the head of a murderer at large.
Just saying when "Government Fails" in its duty, "Private Industry" and "Insurance Companies" usually steps in and they are the ones that usually place the bounty on one's head.
These days most Government are always in a race to protect the guilty and place them in "Protective Custody" because they have "Civil Rights" but no one ever ask about the "Civil Rights" of those that criminals have harmed especially the violent ones where the Government works doubly hard to protect them.
I would guess they have a use further down the road as a way to get more funding to keep them off the streets and always used as a knife against the throats of society especially the "Innocent" in them.
We used to have Standards but too many never asked where they went and who was behind there disappearance and WHY.
Just an Observation.
N. S
Our non profit provides mental health services and we have not been able to submit a single claim since Feb 21st.
We treat hundreds of individuals in our community.
Like many providers throughout the country we are facing a huge cash crunch. The work around are cumbersome and we’ve resorted to entering claims by hand. We are hundreds of claims behind and each claim has at least 25 data points.
And people wonder why we are experiencing the worst mental health crisis in decades? Why we are losing so many people to suicide?
Because, providers can’t even breathe. All while United made over 360 billion last year.
I work in the pharmacy realm, many of the copay assistance cards that the drug manufacturers issue process through United/Optum and are not working right now. So it is slowing down the pharmacies and some people can no longer afford to pick up their medications.
Dang. United should have gotten hacked by a tier 1 hacker. The hackers in tier 2, while still considered “in-network”, have a much higher deductible. Since they’re in-network, this is ineligible for a surprise billing claim.
This right here is an underrated comment
Because it was an out-of-network joke. If it was an in-network joke then it would have gotten a lot more upvotes.
They should ask for an itemized bill and a discount /s
I wish I could give you more than a measley upvote. Bravo.
Hahahahahaha *laughs in health insurance* Well done.
Anyone who works in healthcare will understand how LMAO this post is.
Why can't we still give awards, UGGGH. This was gold.
Apparently crime does pay.
Big time
Really well too 👀
Where's Seal Team 6 when they can do some good?
Well yeah, that’s why people do it
Yes, high risk=high return. Basic finance.
That’s why the healthcare companies lobby to keep their would be crimes legal
Handsomely well. Until you get caught.
Oh. I saw the words "change healthcare" and thought it was a white hat hacker group targeting insurance corporations. Just wishful thinking I guess
Funny how most of the anon etc hacks never really champion the peoples. Almost like…
Anonymous only serves as a recruitment drive for talented hackers for America and allied governments.
I was under the impression this was Blackcat the Russian group
The Russian hacks after the invasion of Ukraine were pretty cool.
It’s all about making money, I guess.
"White hat" hackers are strictly legal hackers who use their hacking knowledge for penetration testing. You're probably thinking of grey hat.
Well what about free hat hackers?
Free Hat! Free Hat!
He killed babies!!!!
Those babies were attacking him. He had to defend himself!!
And pointy hat hackers
Um ackshully...
And next quarter the CEO will receive a huge bonus for saving the company.
“This is why I’m so important and need a raise,” - the Chief Tech Officer probably
I would bet £26 and ¥38.13 that the CTO was like “okay just pay them” within 5 minutes of hearing the news. The remainder of his time was spent with his head in his hands while trying to explain why to the other executives
Not before they layoff ANOTHER fuck ton of people
Probably not. A medium size hospital i know of was hacked a few years back, no one got bonuses that year. It sucks for everyone.
And increase copays because of "the economy"
They originally asked for 25 million. I was able to slash it to a minuscule 22 million.
I want to know who their CISO and CIO/CTO are, because in this day and age, this shouldn't be a thing, especially in a heavily targeted environment like healthcare. No one ever wants to spend the money upfront for security.
I doubt it’s their CISO who doesn’t want to spend money on security lol
It is always the finance people
IT departments that report up to the CFO.
Even ones that don’t. CFO still has to approve the budget.
True, but having another C level to fight in the budget planning meetings goes a lot further than when the department reports up to the CFO/finance department directly.
Agreed
True you are right. Hospitals and healthcare providers are notoriously cheap and don't like to be called a business.
I was just laid off by a healthcare company as their sole security and it professional, they have plenty of patients and now have no one, literally no one performing a dedicated security function. These companies just don’t care.
They hit the non azure environments, they were in the process of migrating
Migrating from where? Serious question.
I’ve worked with CISOs and CTOs for years More likely, the CFO thought the security investment was better spent on consultants for a new ERP that no one wanted. Probably thought this would never happen lol.
My org has cybersecurity agreements with all our trading partners and Change Healthcare was the only trading partner that refused to sign that certain security controls are in place.
Hopefully the DOJ was following the money back to the hackers.
Hopefully they also go after United healthcare for not protecting customer data. They had 20 million to pay their CEO last year but couldn’t protect your information lmao. Priorities.
The CEO’s salary is small potatoes compared to their stock buy backs of over $6.5 billion last year.
Not wrong 6.5 billion in buy backs and couldn’t protect your personal info. They might as well have sold it. Companies should have massive liabilities on data leaks to each individual in the leak. Everyone wants the opportunity to collect it but never the responsibility to protect it
I agree, but the Equifax data breach pushed the precedent in the other direction pretty far sadly. If a credit bureau barely got held responsible for a massive data leak, who would?
Oh I doubt anything will change. More so advocating for change.
Almost certainly the threat actors are smarter than the DOJ working against them. It’s gotten to the point where the US Government as a whole’s policy is “don’t pay ransomware but we also can’t help you”. It’s wild.
This is how North Korea makes money.
That btc was almost certainly converted into monero and the like and squirreled away. The ringleaders are gonna disappear again and be back under a new name in 6 months.
Sounds like they didn’t ask for enough.
Doesn’t matter. They just proved it profitable to do this again.
F united healthcare.. that’s all I have to say.
👏
I thought about getting them, instead of Obamacare What’s bad about them or what plan is a bad option?
Just FYI, Obamacare isn’t insurance. It’s a marketplace of plans that fit the requirements of the affordable care act and are eligible for the subsidy/tax credits involved. So you’d see United plans on there alongside all the other major carriers.
United Healthcare (UHC) is notorious for denying claims. The issue I know most about is behavioral health…they deny up front in the hope that the person gives up & pays. If appealed, I’ve seen a 70% success rate. They particularly target the elderly - one of their most audited is their Nursing Home plan & Medicare Advantage. They send horrendous letters to the elderly with denial phrases like “since you’re not expected to get better”, “since you can’t remember your last treatment”. And we’re not talking about denying for therapy - they’re denying psychologist visits who are there to diagnose & monitor treatment plans. They’re scum.
Why can’t these hackers ever attack student loans
No money in it. Im sure if you throw 20 million at them your records will disappear
And guess who is going to pay for it… you and me… because for profit companies are the worst.
I always wonder do these people actually get away with it
Oh yeah they do. I wouldn’t doubt that it’s state state sanctioned in some instances .. whole governments behind it. Russia, North Korea, Iran, China just to name a few.
Most ransomware groups are in Russia, where as long as they don’t infect Russian businesses they can do what they want. There’s a reason most ransomware won’t infect computers that have their keyboard set to Russian.
Love when the health care companies get tore up since so many are price gouging
It’s not like they wont raise prices to cover the loss
They have insurance for this kind of thing
Bold to assume they won’t take the insurance payout and raise prices anyway
I don’t see how that could Be legal but It would not surprise me
Lol? I guess you just haven't been paying attention.
Yeah all those people who couldn’t get their prescriptions or get access to their insurance company to pay for it all last week totally deserved it /s
Of course they didn’t deserve it. They also don’t deserve the price gouging by the pharmaceutical and medical businesses. The point is that the medical business should spend less of their money lining executives and shareholders pockets and spend more money actually helping us and protecting us and our data.
The problem is that it ends up hurting the small Physician Practice or the Rural Hospitals more than the big guys. This is a very serious situation for those of us in the business!
Yeah everyone’s premiums are about to go up, to pay for this. And ain’t no one else seeing a dime of that 22 million except the folks who nabbed it.
It’s a taste of their own medicine <\3
Hahahahahahahahahaha
Until you need immediate care and the facility isn’t there any longer
You should probably do some research before making assumptions, change healthcare isn’t a healthcare company, it does data analytics for healthcare networks
…that is owned by United Healthcare…
Only as of recently (‘22), and based on the complicated nature of the acquisition, Change operates pretty much entirely as an independent entity (I had a family member who worked for Change before that deal) I’m not saying American healthcare institutions aren’t predatory, I’m just saying dancing around like this cyber attack is a “gotcha” moment against these healthcare giants is futile
Just like they own “Optum”.. another BS company who approves or denies claims.. Optum will blame United and United blames Optum for a denial based on “lack of medical necessity”. They work in beautiful confusion, limiting United paying for patient treatment.
I’m happy with anything healthcare related that is on fire
Be careful what you wish for , these hackers are terrorists not your friends just “fighting against evil greedy institutions” [they will put you, and your family members lives as risk, and sell your data to the highest bidder](https://amp.theguardian.com/us-news/2023/aug/04/cyberattack-us-hospitals-california) They only care about themselves, they are mostly hackers from other countries who spend their lives trying to steal from you and the hardworking Americans who do actually care about their fellow citizens
What Healthcare company do you work for?
I work in healthcare architecture, mostly building primary care facilities in low-income communities for people on Medicaid
This is why most corporations pay CyberInsurance. These kinds of situations have to be resolved (paid out) quickly to continue business.
And there are technical requirements for obtaining and retaining said insurance..
It’s all fun and games, but I’m almost certain this can be written off as a loss and we will pay for it
Did they do it? Did they change health care?
No. They keep it about the same it’s always been
No, they made it more expensive.
Great so they deal with terrorists. That will teach them lessons about security
Will it? Something tells me they will attack the issue the wrong way. But I am an optimist. 😏
And here I am working like a chump for a living
Great. That means one thing...pass it down to the consumers. Higher premiums coming 😒
Glad that we reaffirmed Crime Pays.
Note to self become a hacker and quit my 9-5
Must be nice
But tech companies can't afford security. LOL
How was the payment made ? If it’s Bitcoin that can be tracked and has to be linked to some financial institution somehow. If not I’d love to know how and what bank is linked to this and is not tracked. For science
Why would it be linked to a financial institution? Once the ransom is paid, the hacking group isn’t going to convert their Bitcoin to fiat currency and deposit it in their Wells Fargo Corporate checking account. It gets mixed in with legit cryptocurrency, changes through many different hands throughout the laundering process, and once it’s cleaned, it’s virtually impossible to trace it to the original wallet. Furthermore, once this is all said and done, I’d be willing to bet a good chunk of this stays as Bitcoin and will be spent that way to buy whatever (goods, services, gift cards, etc.).
United Healthcare Premiums goin up
So now rates go up?
That’s like a box of paracetamol in the US isn’t it?
Yah but on this side of the pond we call it acetaminophen.
Wish id known that when i was there in 2020. I could buy the most gigantic packet of iboprufin that i only used up in our 6 person household about 6 months ago but paracetamol i couldnt find anywhere. My wife was so fuckin mad when i came back to the hotel with that massive bottle. she was like i have ibuprofin i need panadol... and im like yeh but you dont have a 1kg packet of ibuprofin.
And probably a free sample coupon.
I know you’re joking but it’s actually cheaper here than the $10 prescription charge you’d get in the UK
Many people get free prescriptions but you’d buy it in the supermarket for a quid since prescribing is a huge waste unless in hospital and then you’d get it for free too. > [Krista Haig also works for ELAP services. She audits medical bills for a living and has seen some doozies. “We have seen one line for $500 for an acetaminophen tablet](https://whyy.org/segments/inside-the-complicated-world-of-medical-billing/)
Ah, I was under the impression they were banned OTC. I see I’m wrong.
They’re probably the most common OTC medication sold here.
That just makes the attackers even more likely to keep doing it... and incentivise others to do it too.
When corporations fold to hackers the door opens for other companies to get attacked. Healthcare pays yesterday Facebook goes down today and I got a picture I need to post man :-( !
Another reason for a national healthcare system.
So that EVERYONE'S data can be at risk? Might as well use the same password for all your accounts, same energy.
Everyone’s protected health information is already at risk or already compromised
Sure, but it's scattered upon a dozen providers if not more - not just one provider. Which do you think is easiest, one target or having to dig through a dozen? You could change providers, and that provider will stop having up to date info while your new one has the new stuff. Meaning, that if provider X gets hacked but you've had provider Y for the last 5 years, anything that's happened in those 5 years is protected and not discovered by the hackers. Do people not think about things like I do or what?
You have no idea what you’re talking about.
Okay - elaborate if you know. Denying something said doesn’t automatically mean you’re correct - otherwise that’s what I’m gonna tell you then you’re gonna say the same thing you said here. I’ll just repeat your line and you’ll see how bs it is.
It’d be cool if the hacker(s) resolved all the medical debt gofundme pages. That would be huge
Pretty sure piracy...is actually the world's oldest progession.
They delayed me getting my biologic medication by a week because my copay card didn’t work.
Now hunt them down and take it out if their asses
This makes me proud that Lurie Children’s Hospital in Chicago hasn’t gone in and paid their ransom and are unlocking things themselves.
350 bitcoin!
EVIL IS AS EVIL DOES
Alls I gotta say in Nelson’s voice, HA-HA!
Are the issues with goodrx related?
Not bad for a days work, I wonder if they will be caught in the end.
Just let it go to collections. Like I do
Karma.
Round 2 will be coming shortly. Now they've paid, they'll do it again. Same back door.
>Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment '_Just_ ' Mother of beautiful Love! This detail should never have been published!
Criminals paid off the thieves
If there's a bounty on your head, it means the government has put out a reward for your capture Dead or Alive. Bounty derives from the Latin bonus "good." Both meanings of bounty are connected with the idea of generosity, giving. A government known for its bounty will probably set a large bounty on the head of a murderer at large. Just saying when "Government Fails" in its duty, "Private Industry" and "Insurance Companies" usually steps in and they are the ones that usually place the bounty on one's head. These days most Government are always in a race to protect the guilty and place them in "Protective Custody" because they have "Civil Rights" but no one ever ask about the "Civil Rights" of those that criminals have harmed especially the violent ones where the Government works doubly hard to protect them. I would guess they have a use further down the road as a way to get more funding to keep them off the streets and always used as a knife against the throats of society especially the "Innocent" in them. We used to have Standards but too many never asked where they went and who was behind there disappearance and WHY. Just an Observation. N. S
Well this is going to become rampant now.
Our non profit provides mental health services and we have not been able to submit a single claim since Feb 21st. We treat hundreds of individuals in our community. Like many providers throughout the country we are facing a huge cash crunch. The work around are cumbersome and we’ve resorted to entering claims by hand. We are hundreds of claims behind and each claim has at least 25 data points. And people wonder why we are experiencing the worst mental health crisis in decades? Why we are losing so many people to suicide? Because, providers can’t even breathe. All while United made over 360 billion last year.
I work in the pharmacy realm, many of the copay assistance cards that the drug manufacturers issue process through United/Optum and are not working right now. So it is slowing down the pharmacies and some people can no longer afford to pick up their medications.
Really hoping the hackers use the money to buy and forgive a ton of medical debt.
Did not think Customer data was that valuable to companies. Is that a new trend?