Connect with us

Published

9 months ago

on

Change Healthcare’s systems are down for the seventh day after a cyber threat actor gained access to its network last week. Parent company UnitedHealth Group said most U.S. pharmacies have set up electronic workarounds to mitigate the impact.

UnitedHealth discovered that a “suspected nation-state-associated” threat actor breached part of Change Healthcare’s information technology network on Wednesday, according to a filing with the U.S. Securities and Exchange Commission Thursday. UnitedHealth isolated and disconnected the impacted systems “immediately upon detection” of the threat, the filing said. 

Change Healthcare offers tools for payment and revenue cycle management, and its system outages have disrupted operations in pharmacies and health systems across the country. UnitedHealth said late Monday night that more than 90% of the nation’s pharmacies have set up modified electronic claims processing workarounds, while the rest have set up offline processing systems.

The disruption has not impacted provider cash flows yet since payments are typically issued one to two weeks after processing, UnitedHealth said Monday.

UnitedHealth is the biggest health-care company in the U.S. by market cap, and it owns the health-care provider Optum, which services more than 100 million patients in the U.S., according to its website. Change Healthcare merged with Optum in 2022.

In a series of updates posted since Wednesday, Change Healthcare said it has a “high-level” of confidence that Optum, UnitedHealthcare and UnitedHealth Group’s systems were not affected by the attack. UnitedHealth said that these entities have been working with external partners like Palo Alto Networks and Google Cloud’s Mandiant to assess the breach.

“We appreciate the partnership and hard work of all of our relevant stakeholders to ensure providers and pharmacists have effective workarounds to serve their patients as systems are restored to normal,” UnitedHealth told CNBC in a statement Monday night. 

Rising number of health-care cyberattacks

The attack on Change Healthcare comes after 2023 set a grim record for health-related cybercrime. There were 725 large health-care security breaches last year, up from the record 720 the previous year, according to a January report from The HIPAA Journal.

Health data is attractive to bad actors because it can be easily monetized and sold on the dark web to perpetuate other crimes like identity theft and health-care fraud, said John Riggi, national advisor for cybersecurity and risk at the American Hospital Association. 

He said there are different kinds of cyberattacks impacting the health-care sector, including data theft attacks and ransomware attacks. In a data theft attack, bad actors sneak into a system and steal data. In a high-impact ransomware attack, the fallout can cause immediate harm to patients’ physical safety. 

“They come in and encrypt all the data in networks, so that suddenly, immediately, systems go dark, they become unavailable,” Riggi told CNBC in an interview. This means diagnostic technologies like CT scanners can go offline, and ambulances carrying patients are often diverted, which can delay life-saving care. 

UnitedHealth has not yet disclosed the nature of the attack on Change Healthcare.

“They’re a victim of a foreign-based cyberattack,” Riggi said. “Ultimately, though, this was not an attack just on them, this was an attack on the entire health-care sector.” 

Health care is a complex industry with lots of moving pieces and entry points, which means it can be hard for any organization to be 100% secure, said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance. 

Even so, he said there are steps individuals can take to help keep their personal data safe, like keeping their software updated, setting up multi-factor authentication and using strong, unique passwords. 

“We all have a job to keep ourselves safe online,” Steinhauer told CNBC in an interview.

Riggi said senior health-care leaders need to dedicate real resources to cybersecurity and understand that it presents a risk to “every function” of the organization. In addition to deploying necessary technical defenses, he said health systems need to foster cultures where everyone feels like a part of the cybersecurity team. 

But when it comes to preventing cyberattacks, Riggi said offense is just as important as defense. 

“This is equivalent to cyber terrorism,” he said. “The government must devote as much priority, attention and resources to going after the bad guys who are conducting these attacks.” 

Impact of Change Healthcare’s breach

UnitedHealth has not specifically disclosed exactly which Change Healthcare systems have been affected, but the fallout from the cyberattack has caused a ripple of problems across the U.S. health-care system. 

CVS Health said some of its business operations were impacted by the interruption in a statement to CNBC on Saturday. The company said it has been unable to process insurance claims in some cases, though it can still fill prescriptions.

There is “no indication” that its systems have been compromised, CVS Health said in the statement.

Walgreens told CNBC that its pharmacy operations and the “vast majority” of its prescriptions have not been impacted by the breach at Change Healthcare, according to a statement Monday. The company said it has procedures to process the “small percentage” of prescriptions that may experience problems. 

For consumers like Cary Brazeman, the disruption has been a headache. 

Brazeman tried to pick up a prescription at a Vons pharmacy in Palm Springs on Saturday, a day after seeing his dermatologist, but it was a fruitless effort. He was told that the pharmacy hadn’t received the transmission from his doctor, and even if they had, they wouldn’t have been able to run his insurance.

“I’m like, ‘Okay, what am I supposed to do now?’ and they’re like, ‘We don’t know,” Brazeman told CNBC in an interview. 

By Monday, Brazeman said the pharmacy had set up a workaround that helped it communicate with some insurance companies, but not all. He said he plans to revisit his doctor on Tuesday to pick up a paper copy of his prescription for the pharmacy. He hopes they can process his insurance. 

Brazeman said he has been so concerned with the logistics of retrieving his medication that he wasn’t worried, until recently, about whether his personal information was exposed in the breach. The immediate problem, he said, is getting medication to the people who need it – especially those who have conditions more serious than his own. 

“I’m mobile, so I can make these rounds if necessary, and I can pay cash if necessary, but there’s a lot of people who cannot,” he said. 

Related Topics:
Continue Reading

Technology

Amazon was questioned by House China committee over ‘dangerous and unwise’ TikTok partnership

Published

11 hours ago

on

November 14, 2024

By

Amazon was questioned by House China committee over 'dangerous and unwise' TikTok partnership

Amazon logo on a brick building exterior, San Francisco, California, August 20, 2024.

Smith Collection | Gado | Archive Photos | Getty Images

Amazon representatives met with the House China committee in recent months to discuss lawmaker concerns over the company’s partnership with TikTok, CNBC confirmed.

A spokesperson for the House Select Committee on the Chinese Communist Party confirmed the meeting, which centered on a shopping deal between Amazon and TikTok announced in August. The agreement allows users of TikTok, owned by China’s ByteDance, to link their account with Amazon and make purchases from the site without leaving TikTok.

“The Select Committee conveyed to Amazon that it is dangerous and unwise for Amazon to partner with TikTok given the grave national security threat the app poses,” the spokesperson said. The parties met in September, according to Bloomberg, which first reported the news.

Representatives from Amazon and TikTok did not immediately respond to CNBC’s request for comment.

TikTok’s future viability in the U.S. is uncertain. In April, President Joe Biden signed a law that requires ByteDance to sell TikTok by Jan. 19. If TikTok fails to cut ties with its parent company, app stores and internet hosting services would be prohibited from offering the app.

President-elect Donald Trump could rescue TikTok from a potential U.S. ban. He promised on the campaign trail that he would “save” TikTok, and said in a March interview with CNBC’s “Squawk Box” that “there’s a lot of good and there’s a lot of bad” with the app.

In his first administration, Trump had tried to implement a TikTok ban. He changed his stance around the time he met with billionaire Jeff Yass. The Republican megadonor’s trading firm, Susquehanna International Group, owns a 15% stake in ByteDance, while Yass has a 7% stake in the company, NBC and CNBC reported in March.

— CNBC’s Jonathan Vanian contributed to this report.

Don’t miss these insights from CNBC PRO

TikTok is 'digital nicotine' for young people, says D.C. Attorney General Brian Schwalb

Continue Reading

Technology

Amazon launches fixed pricing for treatment of conditions such as hair loss. Hims & Hers stock drops 15%

Published

17 hours ago

on

November 14, 2024

By

Amazon launches fixed pricing for treatment of conditions such as hair loss. Hims & Hers stock drops 15%

A worker delivers Amazon packages in San Francisco on Oct. 24, 2024.

David Paul Morris | Bloomberg | Getty Images

Amazon on Thursday announced Prime members can access new fixed pricing for treatment of conditions like erectile dysfunction and men’s hair loss, its latest effort to compete with other direct-to-consumer marketplaces such as Hims & Hers Health and Ro.

Shares of Hims & Hers fell as much as 17% on Thursday, on pace for its worst day.

Amazon said in a blog post that Prime members can see the cost of a telehealth visit and their desired treatment before they decide to proceed with care for five common issues. Patients can access treatment for anti-aging skin care starting at $10 a month; motion sickness for $2 per use; erectile dysfunction at $19 a month; eyelash growth at $43 a month, and men’s hair loss for $16 a month by using Amazon’s savings benefit Prime Rx at checkout.

Amazon acquired primary care provider One Medical for roughly $3.9 billion in July 2022, and Thursday’s announcement builds on its existing pay-per-visit telehealth offering. Video visits through the service cost $49, and messaging visits cost $29 where available. Users can get treatment for more than 30 common conditions, including sinus infection and pink eye.

Medications filled through Amazon Pharmacy are eligible for discounted pricing and will be delivered to patients’ doors in standard Amazon packaging. Prime members will pay for the consultation and medication, but there are no additional fees, the blog post said.

Amazon has been trying to break into the lucrative health-care sector for years. The company launched its own online pharmacy in 2020 following its acquisition of PillPack in 2018. Amazon introduced, and later shuttered, a telehealth service called Amazon Care, as well as a line of health and wellness devices.

The company has also discontinued a secretive effort to develop an at-home fertility tracker, CNBC reported Wednesday.

— CNBC’s Annie Palmer contributed to this report.

Continue Reading

Technology

WikiLeaks whistleblower Chelsea Manning says censorship is still ‘a dominant threat’

Published

20 hours ago

on

November 14, 2024

By

WikiLeaks whistleblower Chelsea Manning says censorship is still 'a dominant threat'

Chelsea Manning: Censorship still a dominant threat

Former U.S. Army intelligence analyst Chelsea Manning says censorship is still “a dominant threat,” advocating for a more decentralized internet to help better protect individuals online.

Her comments come amid ongoing tension linked to online safety rules, with some tech executives recently seeking to push back over content moderation concerns.

Speaking to CNBC’s Karen Tso at the Web Summit tech conference in Lisbon, Portugal, on Wednesday, Manning said that one way to ensure online privacy could be “decentralized identification,” which gives individuals the ability to control their own data.

“Censorship is a dominant threat. I think that it is a question of who’s doing the censoring, and what the purpose is — and also censorship in the 21st century is more about whether or not you’re boosted through like an algorithm, and how the fine-tuning of that seems to work,” Manning said.

“I think that social media and the monopolies of social media have sort of gotten us used to the fact that certain things that drive engagement will be attractive,” she added.

“One of the ways that we can sort of countervail that is to go back to the more decentralized and distribute the internet of the early ’90s, but make that available to more people.”

Nym Technologies Chief Security Officer Chelsea Manning at a press conference held with Nym Technologies CEO Harry Halpin in the Media Village to present NymVPN during the second day of Web Summit on November 13, 2024 in Lisbon, Portugal. 

Horacio Villalobos | Getty Images News | Getty Images

Asked how tech companies could make money in such a scenario, Manning said there would have to be “a better social contract” put in place to determine how information is shared and accessed.

“One of the things about distributed or decentralized identification is that through encryption you’re able to sort of check the box yourself, instead of having to depend on the company to provide you with a check box or an accept here, you’re making that decision from a technical perspective,” Manning said.

‘No longer secrecy versus transparency’

Manning, who works as a security consultant at Nym Technologies, a company that specializes in online privacy and security, was convicted of espionage and other charges at a court-martial in 2013 for leaking a trove of secret military files to online media publisher WikiLeaks.

She was sentenced to 35 years in prison, but was later released in 2017, when former U.S. President Barack Obama commuted her sentence.

Asked to what extent the environment has changed for whistleblowers today, Manning said, “We’re at an interesting time because information is everywhere. We have more information than ever.”

She added, “Countries and governments no longer seem to invest the same amount of time and effort in hiding information and keeping secrets. What countries seem to be doing now is they seem to be spending more time and energy spreading misinformation and disinformation.”

Manning said the challenge for whistleblowers now is to sort through the information to understand what is verifiable and authentic.

“It’s no longer secrecy versus transparency,” she added.

Continue Reading

Trending