TLDR:
- A cyberattack on Change Healthcare was caused by a strain of LockBit malware exploiting vulnerabilities in ConnectWise ScreenConnect.
- UnitedHealth, the parent company, reported the incident, citing a suspected nation-state actor gaining access to IT systems.
Security experts have warned of the significance of the flaws in ConnectWise’s ScreenConnect app, which were exploited in a recent cyberattack on Change Healthcare. The incident, caused by LockBit malware, led to disruptions at pharmacies and highlighted vulnerabilities in the healthcare sector.
Toby Gouker, chief security officer at First Health Advisory, emphasized the importance of timely patching to prevent exploitation of disclosed vulnerabilities. Although ConnectWise did not confirm a direct connection between the incident and the vulnerability, Gouker’s analysis suggests a link.
The involvement of LockBit ransomware, suspected nation-state actors, and the sensitive patient data at risk underscore the severity of the attack. Efforts to obtain comments from Change Healthcare and ConnectWise were unsuccessful, but the incident serves as a reminder of the importance of cybersecurity audits in M&A processes within the healthcare industry.
Ritu Gupta, senior product manager at Menlo Security, expressed concerns about the operational disruptions caused by the attack and the potential escalation given the critical nature of services provided by Change Healthcare. The impact of the cyberattack on patient data security remains a significant issue.