The Patient Hackers: What You Need to Know About the Iran Cyber Attack on US Healthcare
Understanding the Iran Cyber Attack on US Healthcare: Key Insights and Implications
On the morning of February 21, 2024, Change Healthcare, a largely unfamiliar company in the U.S. health system, released a brief statement acknowledging that some of its applications were not functioning. By the afternoon, the issue was identified as a "cybersecurity" problem, leading to a rapidly escalating crisis.
Since then, the crisis has continued to escalate. The company, which was recently acquired by insurance behemoth UnitedHealth Group, is said to have fallen victim to a cyberattack. The repercussions are extensive and projected to worsen, with experts tagging it as the “patient hacks.” In this article, we take an in-depth look at the infamous alleged cyberattacks on US healthcare by the Iranians and discuss their implications for patients’ safety.
Details About The Alleged Iran Hack on US Healthcare
American cybersecurity and intelligence agencies have identified an Iranian hacking group as responsible for infiltrating numerous organizations throughout the country and working with partners to distribute ransomware.
The activity has been associated with a threat actor called Pioneer Kitten, also known as Fox Kitten, Lemon Sandstorm (previously known as Rubidium), Parisite, and UNC757. This group is believed to be linked to the government of Iran and is suspected of employing an Iranian information technology (IT) company, Danesh Novin Sahand, possibly as a front for their operations.
The attackers are targeting the education, finance, healthcare, and defense sectors, as well as local government entities in the U.S. They have also reportedly carried out intrusions in Israel, Azerbaijan, and the United Arab Emirates (U.A.E.) in order to steal sensitive data.
The Health Information Sharing and Analysis Center, a group that coordinates information sharing within the industry, has informed its members that issues with the ConnectWise ScreenConnect application are responsible for recent attacks. However, specific details have not been confirmed.
Tech support teams use this tool to troubleshoot computer issues remotely. H-ISAC has warned its members that the attack is relatively easy to carry out. They anticipate more victims and have advised members to update their technology. The AHA recommended its members disconnect from systems at Change and its parent company, Optum, to protect services such as claims approvals and reference tools.
Millions of Americans receive care from UnitedHealth-employed practitioners and are insured through the company. UnitedHealth has stated that only Change's systems are impacted, and it is still safe for hospitals to utilize other digital services offered by UnitedHealth and Optum, such as claims filing and processing systems.
Who Is Responsible for the US Healthcare Attack?
Media reports are pointing to ALPHV, a well-known ransomware group also referred to as Blackcat, as the primary suspect in cyberattacks that have caught the attention of law enforcement agencies internationally. Despite UnitedHealth Group suggesting that it may be a "suspected nation-state associated" attack, some experts are questioning this assertion. ALPHV has a history of targeting various entities, including major casino companies like MGM and Caesars, as well as other victims.
In December, before the Change hack, the Department of Justice claimed that victims of the group had already paid hundreds of millions of dollars in ransoms.
How it Began
Attacks of this kind are not a new issue. According to a study published in JAMA Health Forum in December 2022, the yearly number of ransomware attacks on hospitals and other healthcare providers doubled from 2016 to 2021. Aaron Miri, the chief digital and information officer at Baptist Health in Jacksonville, Florida, commented, "It's just more of the same."
Disruptions caused by cyberattacks force organizations to fall back on paper-based systems, which hinders their efficiency and leaves them susceptible to information gaps. A study published in May 2023 in JAMA Network Open analyzed the impact of a cyberattack on a healthcare system and found that waiting times, length of stay, and rates of patients leaving without receiving care all surged at nearby emergency departments. The findings led the authors to classify cyberattacks as a potential regional catastrophe.
Attacks have caused significant destruction to rural hospitals, Miri stated. As a result, patient safety concerns have arisen in areas where healthcare providers have been impacted.
How Does the Iran Hack on US Healthcare Affect the Patients?
Each year, an increasing number of Americans experience breaches of their health data, leaving them vulnerable to identity theft and medical errors. These breaches not only compromise personal information but can also have negative impacts on the quality of care individuals receive. For instance, in 2017, a cyber attack known as "NotPetya" disrupted the operations of a rural hospital in West Virginia, forcing it to reboot its systems. The attack also affected pharmaceutical company Merck, disrupting its ability to meet production targets for an HPV vaccine.
Due to the cyber attack on Change Healthcare, certain patients may be redirected to alternative pharmacies with fewer billing issues. Delays in patients' billing may also occur, according to industry leaders. It is possible that many patients will eventually be informed of a breach in their data security. Depending on the specific information compromised, these patients may face a higher risk of identity theft. In such cases, companies typically provide complimentary credit monitoring services to affected individuals.
"This is leading to patients losing their lives," experts have declared. Indeed, a recent preprint released in October by researchers at the University of Minnesota revealed a nearly 21% rise in mortality rates for patients at a hospital affected by ransomware.
The Patient Hackers: A Wake up Call to Boost Cybersecurity Posture in the Healthcare Industry
Iranian state-sponsored ransomware operations are nothing new. In December 2020, cybersecurity companies Check Point and ClearSky revealed a hack-and-leak campaign called Pay2Key by Pioneer Kitten, which targeted numerous Israeli companies by exploiting already known security vulnerabilities. Their tactics grow more sophisticated by the day, hence the need for organizations (especially in the healthcare industry, in this case) to improve their cybersecurity defense mechanisms.
The SamurAI is a cybersecurity company that uses cutting-edge solutions capable of mitigating even the most sophisticated cyberthreats. Contact us today to learn more about our services and how we can help safeguard your company against cybercriminals from any region.