Change Healthcare, a payment exchange platform operated by Optum Solutions (a subsidiary of UnitedHealth), suffered a ransomware attack in February of this year. The current estimate of damages is approximately $872,000,000. Details on the attack can be found on Bleeping Computer’s site: https://bit.ly/4bB2ihd. Let’s break down some lessons learned from this incident.

Preliminary information from the ongoing investigation suggests that the attackers used stolen credentials to access the company’s Citrix portal (Citrix is a system for remotely accessing company resources). It’s important to note that the compromised account did not have multi-factor authentication enabled on it, meaning that once the attackers had the username and password, they were able to log in without any additional checks. They then worked their way further into the network and started exfiltrating data, ultimately locking up systems in a ransomware attack. The investigation found that the initial system access happened at least 10 days prior to the ransomware being deployed and affecting the availability of resources. Additionally, it appears that malware on a device stole an employee’s Citrix credentials the day before the initial access; however, it is as yet unknown whether those same credentials were used in the attack.

What can we learn from this?

1. Cybersecurity is a team effort: Cybersecurity is not just the responsibility of the IT person/department/company. It is important for all employees to be aware of the risks and take steps to protect their devices and data. Businesses need to create a culture of cybersecurity awareness and provide training to their employees on how to spot cyber threats.
2. Educate employees about cybersecurity: Employees are often the first point of contact in the cybersecurity chain. Businesses need to educate employees about cybersecurity best practices, such as how to identify and avoid phishing attacks and how to create strong passwords.
3. Implement a layered security approach: This involves using a variety of security controls, such as multi-factor authentication, firewalls, intrusion detection systems, and data encryption, to protect their systems and data. No one solution is 100% effective at stopping attacks.
4. Have a plan in place to respond to cyberattacks: This plan should include steps to identify and contain the attack, mitigate the damage, and communicate with customers and employees.

Sign up for our monthly Timely Tech Tips: https://bit.ly/CBTech-Tips. For weekly tips like these, follow us on Facebook: http://bit.ly/2sCMb30 LinkedIn: http://bit.ly/375e6HB Twitter: http://bit.ly/3ajca0n