Apple Acquires Popular Image Editing App Pixelmator
Apple buys Pixelmator, a popular image editing app, to expand its creative tools portfolio, pending regulatory approval.
Reese Morgan
The state of Nebraska has filed a lawsuit against healthtech giant Change Healthcare, alleging that the company's security failures led to a massive data breach, exposing the sensitive health information of at least 100 million Americans. According to Nebraska Attorney General Mike Hilgers, Change Healthcare failed to implement proper security measures, resulting in what he describes as a "historic" data breach in terms of impact and magnitude.
The lawsuit stems from a February ransomware attack on Change Healthcare, which was attributed to the Russian-speaking ALPHV ransomware gang. The attack resulted in the theft of sensitive medical data, including personal information such as addresses and phone numbers, health data including diagnoses, medications, treatment plans, and financial and banking data. Change Healthcare is still in the process of notifying affected individuals, and the final number is expected to be higher than 100 million.
According to Hilgers' complaint, Change Healthcare's failures to implement basic security protections exacerbated the extent of the cyberattack. The company's poorly segmented IT systems allowed the hackers to travel freely between servers, and the lack of multi-factor authentication on its systems meant they could be accessed with just a username and password. The complaint also alleges that the hackers gained access to Change Healthcare's network using the username and password of a "low-level customer support employee," which was posted to a Telegram group known for selling stolen credentials.
With access to this "basic, user-level" account, the hackers were able to break into the server that hosted Change's medication management application, SelectRX. From there, they created privileged accounts with administrator capabilities, including the ability to access and delete all files. The complaint states that the hackers navigated Change's systems undetected for over nine days, creating privileged administrator accounts, installing malware, and exfiltrating terabytes of sensitive data.
The attack was only detected when files were encrypted, locking out the company from its own data. Hilgers is also suing Change Healthcare over its alleged failure to notify affected individuals about the data breach, which impacted at least 575,000 Nebraskans. The state published its own notice alerting residents to the breach because Change Healthcare still had not provided notice to those affected until some five months after the cyberattack.
The Nebraska attorney general is seeking damages "for the harm caused to Nebraska residents and healthcare providers," which Hilgers says were forced to deliver care without receiving payment for insurance claims. The incident also caused widespread operational disruptions, leaving patients without necessary medications and treatments.
In response to the lawsuit, UnitedHealth spokesperson Katherine Wojtecki stated that the company believes the lawsuit is without merit and intends to defend itself vigorously. The company reiterated that Change Healthcare's review of the stolen data was "in its final stages."
The lawsuit highlights the importance of robust cybersecurity measures in the healthcare industry, where sensitive patient data is at risk. The incident also raises concerns about the potential consequences of a data breach of this magnitude, including identity theft, financial fraud, and compromised patient care.
As the healthcare industry continues to grapple with the challenges of data security, this lawsuit serves as a stark reminder of the need for vigilance and proactive measures to protect sensitive patient information. The outcome of this lawsuit will likely have significant implications for the industry as a whole, and could potentially lead to changes in the way healthcare companies approach cybersecurity and data protection.
Apple buys Pixelmator, a popular image editing app, to expand its creative tools portfolio, pending regulatory approval.
A US breast-screening program reports 21% higher cancer detection rates with AI-enhanced mammography scans, but experts call for further randomized controlled trials to quantify benefits.
The US Department of Justice proposes far-reaching remedies to break up Google's search monopoly, including the sale of Chrome and data sharing with competitors.
Copyright © 2024 Starfolk. All rights reserved.