The complaint from Nebraska’s attorney general highlights the inadequate security measures at Change Healthcare that led to a data breach exposing sensitive health information of over 100 million individuals. This breach is described as "historic" not just for its scale but for the vulnerabilities it reveals within the healthcare technology sector.
Nebraska's attorney general Mike Hilgers asserts that Change Healthcare's failures in cybersecurity, including poorly segmented IT systems and lack of multi-factor authentication, were key factors that allowed the ALPHV ransomware gang to exploit vulnerabilities and facilitate this massive data breach.
Details in the lawsuit reveal that the hackers accessed Change Healthcare's network through a 'low-level customer support employee's' username and password, which was compromised and available on a Telegram group known for selling stolen credentials. This points to significant security lapses in user account management.
Hilgers emphasizes that the impact of this breach is far-reaching, affecting personal information such as addresses and financial data of more than 100 million Americans. The consequences of this incident underscore the need for robust cybersecurity measures within the healthcare technology sector.
Collection
[
|
...
]