A major cyberattack has just hit the systems of a subsidiary of US health insurance giant, UnitedHealth. In an SEC filing, UnitedHealth said that it suspected a “nation-state associated cyber security threat actor” of gaining access to Change Healthcare, part of its Optum subsidiary and one of the largest prescription processors in the US, forcing it offline.
The attack is causing widespread disruption in the healthcare sector, preventing patients from using their health insurance to pay for prescriptions as healthcare providers disconnect from Optum.
“I believe it’s our Colonial Pipeline moment in healthcare,” Carter Groome, chief executive of First Health Advisory, told the Wall Street Journal.
UnitedHealth hasn’t confirmed the exact nature of the attack. But reports suggest it could be caused by a strain of the LockBit malware used to exploit vulnerabilities in the ConnectWise ScreenConnect remote software application. This vulnerability (CVE-2024-1709) was publicised just a few days previously and given a severity rating of “critical.”
If this proves to be the source of the UnitedHealth attack, it means hackers have moved quickly to exploit the vulnerability – before companies have had time to patch against it.
The ability of a nation-state actor to use the highly sophisticated LockBit malware to bring down a major healthcare provider highlights the major risks facing US critical infrastructure.
It’s also another example of an attack that would’ve been prevented by our AZT PROTECT solution. It uses a patented approach to lock down critical applications from exploitation, while blocking the execution of zero-day malware, and automatically stopping the sophisticated techniques used by the most advanced nation-state sponsored attackers.
To see how AZT PROTECT can safeguard your critical infrastructure from this type of attack request a demo