Part 2 on the UHG/Change ransomware attack. Timeline of Events: 📅 February 19: ConnectWise discloses limited details of Screen Connect vulnerability. 📅 February 20: ConnectWise deploys hotfix, detection guidance released. 📅 February 21: First wave of ConnectWise related exploits reported in the wild, Sigma HA publishes detection rules. 📅 February 22: ConnectWise suspects non-patched versions are still vulnerable. 📅 March 03: ALPHV's bitcoin wallet drained of supposed $22M from United. 📅 March 04: "Notchy," ALPHV affiliate, airs grievances on RAMP. ALPHV makes a "good game" post. ALPHA announces sales of their ransomware suite for $5M. ALPHA site displayed with "seizure" announcement. 📅 March 05: Health tech leaders call for action to support small clinics, rather than just large hospital systems. HHS issues a statement offering support regarding the cyberattack on Change Healthcare, including the removal or relaxation of prior authorization requirements. HHS Statement Link 📅 March 06: RAMP forum mod awards "Notchy" win in grievance. 📅 March 07: United formally confirms their systems are being rebuilt, and that e-pharmacy and insurance claims processes are not yet resolved. 📅 March 8th: Optum employees report their IT systems are still being integrated, while UHG/Optum execs face criticism for shaming employees over bad IT hygiene. 📅 March 15: UnitedHealthcare and Change Healthcare announce that claim payments will be restored. Discussion Points for Part 2: ✳️ Analysis of the ConnectWise vulnerability disclosure and response. ✳️ Impact assessment of the ConnectWise-related exploits in the wild. ✳️ Speculation on ALPHV's motives and tactics following the draining of their bitcoin wallet. ✳️ Insights into the grievances aired by "Notchy" and the response within the hacker community. ✳️ Examination of ALPHA's announcement regarding the sale of their ransomware suite and the implications for cybersecurity. ✳️ Updates on United's system rebuilding efforts and the ongoing disruptions to e-pharmacy and insurance claims processes. ✳️ Discussion on the challenges faced by Optum employees as they navigate IT system integration, coupled with the criticism faced by UHG/Optum executives for their approach to addressing IT hygiene issues among staff. ✳️ Analysis of the support offered by HHS in response to the cyberattack on Change Healthcare, including the removal or relaxation of prior authorization requirements. Noting the rampant speculation on social media regarding terrorism and conspiracy theories about the motivations and true actors behind the cyberattack. Highlighting the anticipated restoration of claim payments by UnitedHealthcare and Change Healthcare on March 15. Additional Fact: 📊 Change Healthcare processes 15 billion transactions annually and supports 6,000 pharmacies, underscoring the significance of the cyberattack's impact on healthcare infrastructure.
