Most people believe that larger, multinational companies have better cybersecurity, and judging by the tools they have access to, this may be true in some regards.
However, large corporations are also extremely complex, with many new and legacy applications spread across many locations, which increases the overall number of systems that can be attacked. The current news is littered with breaches from large companies, but small companies have their own security issues. The common saying in the cybersecurity industry is: "You are not too small to be the target of a ransomware incident, but you may be too small to make the news." Let’s examine two major attacks that have occurred this year.
UnitedHealthcare breach
UnitedHealthcare, the largest healthcare provider in the U.S., was breached in February 2024 via its remote payment processing portal called the Change Healthcare unit. The breach was carried out by the BlackCat hacker group, which is one of the ‘big 3’ hacking organizations worldwide. BlackCat posted on its website shortly after the attack that it had stolen eight terabytes of sensitive records from Change Healthcare, only to remove the statement later without explanation.
The attackers entered the Change Healthcare portal, which does not use multifactor authentication. It’s unclear why the Change Healthcare portal lacks this security measure and, when asked, a UnitedHealthcare spokesperson did not respond to questions. The company said the attackers stole health and personal data from a "substantial portion" of Americans. This portal processes 50% of all private health insurance claims nationwide.
The attackers locked the Change Healthcare portal, thereby denying access to UnitedHealthcare and thousands of healthcare providers. Since April 26, UnitedHealthcare has provided $6.5 billion in accelerated payments and no-interest, no-fee loans to thousands of healthcare providers. The company paid the attackers an undisclosed amount of money to ensure the decryption of the portal. UnitedHealthcare CEO Andrew Witty said, "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure."
Major cyber forensic providers and security experts from Google, Microsoft, Cisco and Amazon worked with teams from Mandiant and Palo Alto Networks to secure Change Healthcare’s systems after the breach. This attack is on the heels of 2023’s disastrous track record of over 100 million patient records stolen in the U.S. This attack is an example of how even the largest companies in regulated industries make poor decisions regarding cybersecurity, which are ultimately exploited to the detriment of their customers, employees and shareholders.
I understand that multifactor authentication can be inconvenient for many people, but would you rather put up with the minor inconvenience of pulling out your phone each time you access your firm’s system, or deal with a major breach? Cyberattacks are up 15% year-over-year, so the world is not getting safer.
Dell breach
Additionally, cybercriminal Menelik recently informed Dell that it had "the data from 49 million customers and other system information from Dell between 2017-2024." The stolen data included the full name or company name of the buyer, address, unique seven-digit system service tag, serial number, ship date, Dell customer and Dell order numbers from systems sold in the U.S., China, India, Australia and Canada. While the breach does not include payment information or email addresses, attackers could use the data they have to impersonate Dell support in order to gain access to systems. If you own a Dell system, you should be wary of any Dell support calls.
If you would like to discuss your cybersecurity readiness or have a no-cost cybersecurity overview completed, please reach out to OMNIPOTECH.
For more information, visit omnipotech.com or call Robert Kyslinger at (281) 768-4308.