Recap

    • On February 12, cybercriminals used compromised credentials to remotely access Change Healthcare’s Citrix portal, which lacked multi-factor authentication (MFA). This allowed unauthorized access to sensitive systems and data.
    • Threat actor: ALPHV/BlackCat ransomware group
      • Data involved: 6 TB of sensitive data, including health insurance information, medical records, SSNs, payment info, and billing details.
      • Critical healthcare operations were forced offline, disrupting services and claim processing.
    • Attackers exploited the lack of MFA on the Citrix portal, using stolen credentials to gain initial access.
    • How It Was Discovered: Cyber experts investigated and confirmed the breach through system monitoring tools and response protocols.

The breach caused widespread disruptions in claims processing, impacting patients and providers across the country. An American Medical Association survey found that:

  • Four in five clinicians lost revenue
  • 77% experienced service disruptions
  • 55% of practice owners used personal funds to pay bills and payroll

Change Healthcare paid a $22 million ransom to the hackers. The CEO said it was one of the hardest decisions he’s ever made.