Disclaimer - I'm not a trained journalist or cybersecurity consultant, and the statements or comments in this post are my views and opinions. It is not an attempt to sell or promote services, and you are welcome to disagree or comment - but keep it civil.
Furthermore, I created the AI image using Copilot. Just in case someone took offense or wondered if I am naturally gifted LOL
Welcome to the Matrix
Many have this odd fantasy that we are Neo fighting in a virtual world, attempting to beat the evil computer and its long tentacles as they attempt to drag us into the metaverse.
Some might have seen “Hackers” and fantasized that the characters are noble, modern-day Robin Hood characters who steal only the money needed to support needy people.
Unfortunately, the cyber battles and hacking attacks are far from what Hollywood might portray. Cyberspace is the main battleground where nations and criminals fight each other, stealing information, disrupting services, stealing money, and extorting victims for cryptocurrency. I’m sure there are many more scenarios, and I’m not even going to open up the various harsh crimes like drug dealing, human trafficking, child trafficking, etc.
The dark web and cybercriminals are scumbags, and they only attempt to steal money for their gains. Cyber gangs control the dark side of the outstanding internet, similar to what crime gangs in the real world do.
Policing is much more complicated; finding and prosecuting these entities can take years.

We have many wonderful cybersecurity teams working in companies and governments, fighting to keep their information safe from these criminals. It takes a lot of money, coordination, proactive monitoring, and quick response times. It is a billion-dollar industry that will only grow and get more complex.
Creating a solid cyber defense working with sophisticated technologies is an essential cyber strategy for all organizations. Still, many small entities do not have the funding needed to secure their organizations, making them sitting ducks. How do we help and protect these?
Furthermore, our cyber defenses depend on a vital ally: our end-users. Any cyber program must include significant cyber awareness training and communication. End-users must be vigilant, report suspicious behaviors, and spot phishing attempts.
The United Health Organization Under Attack
In early 2024, shortly after Valentine’s Day, the healthcare industry was rocked by yet another cybersecurity incident. The healthcare industry is very vulnerable and under attack, as cyber criminals attempt to steal patient data (PHI) and auction it off on the dark web.

I’m confident these criminals have no morals and will attempt to steal any data they deem valuable, which can then be used to demand a ransom—hence the term ransomware.
Cybercriminals know that losing or exposing PHI is a significant breach that will cause big challenges for the victims, the healthcare organization, stakeholders, and the patients.
Any PHI breach can (will) expose the healthcare organization to financial and reputational damage, and patients might be victims of fraud and extortion. The State will punish any healthcare organization, often with a fine, and you can only hope that you have a reputable and collaborative cyber insurance partner.
Having been through a ransomware breach, I can only feel how such incidents will negatively impact the morale and confidence in the organization’s cybersecurity readiness. Furthermore, it will question how cybersecurity technologies are acquired, deployed, monitored, and reacted upon.
A Ripple Effect within the Healthcare Industry
Disclaimer - I was not personally involved and may have missed some information in my overview. The below is based on my personal understanding and opinions.
Here’s a high-level summary of the United Health Cybersecurity Incident seen from the perspective of a bearded Viking working within the healthcare industry.
In early 2024, we started to see news and social media posts about United Health (UH) being targeted by a sophisticated cyber-attack. Subsequently, this attack sent ripples and aftershocks through the healthcare industry as it unraveled, and the true magnitude of the incident became apparent.
For the record, United Health Group is one of the nation’s largest health insurers and claims processing companies, and it sits on (my estimate) 80-90% of the market. It could be less, but it is a massive entity (monopoly) when looking at the companies that are part of the UH subsidiary network. UH controls a significant part of the cash flow for many healthcare centers.
The attack and its impact were a stark reminder of the vulnerability of the healthcare sector’s digital infrastructures and the dependencies on cash flow for many smaller healthcare centers.
The First Move – the bad actors attack
On February 21, 2024, the United Health Group confirmed that it was under attack by cybercriminals. The attack forced UH to turn off its network and infrastructure, which caused significant disruption to its operations and impacted all its customers, namely hospitals, pharmacies, specialty clinics, and health centers.
It was speculated that the attack came from Russia and was orchestrated by a ransomware gang known as ALPHV or BlackCat. The gang extracted (stole) more than six terabytes of data, including sensitive medical records classified as PHI.
UH was stuck in a cyber nightmare, grinding claims processing and payments to a halt. Revenue stopped flowing, which had a nationwide impact on the healthcare industry.
The ripple effect was not fully understood, and the downstream impact would cause further financial impact on smaller health centers.
The Ripple Effect
The ripple effect of the attack was immediately felt across a large percentage of healthcare centers across the US.
The sad news started circulating that many smaller healthcare centers and patients did not get paid as UH could not process billions of dollars. Many of the smaller health centers that rely heavily on the claims process were left stranded, and it became apparent that they would not be able to survive. The viability of health centers was on the line. How would these entities survive when they rely heavily on cash flow and the claims processing entities?
It is a single point of failure that risks the livelihood of providers, staff, and businesses. Given the importance of cash flow, I’m surprised no redundancies exist to support these critical services.
More scary news was reported: the financial impact led to an increase in mortality in patients. It was no longer a cybersecurity attack that caused a financial impact on UH; it claimed the lives of innocent people looking to be treated for perhaps common health issues.
The cybercriminals just elevated their crime to murder and should get prosecuted accordingly when they are caught.
The cybercriminals who committed the ransomware attack against my organization were eventually caught in early 2024. Four years after the incident, it shows the resilience of the FBI and international agencies that hunt these groups.
United Health Takes Action
I was happy to see how quickly United Health jumped into action and started communicating with the public. However, the incident had a significant impact, as the Government also stepped in to provide additional support. I guess they understood the incident’s downstream impact.
With the government’s help, UH could process claims for more than $2 billion to help their customers, which is awesome. But isn’t that what UH processes daily, and should they not be able to process claims more rapidly with the help of the Government?
Remember, Medicare claims are also processed by UH, so the incident needed the full backing of the Government. You would have assumed the claims processing would be almost back to normal with the Federal backing.
Healthcare centers were still submitting claims, so redirecting these to an alternative provider should’ve secured payments if the redundancies had been in place. Or at least provide an alternative service in the interim to allow the health centers to process their claims.
UH spent a lot of time assessing the total damage and impact of the attack to plan and remediate.
Assessing the impact can be challenging; at times, it is better to go full nuclear and rebuild systems instead of attempting to repair them. I appreciate that this task is time-consuming, but it allows UH to eliminate any potential sleeper files planted during the hack.
While time-consuming, rebuilding servers and computers is straightforward, assuming they have a solid and recent data backup.
Some cybersecurity firms encourage companies to conduct expensive probes on all servers and endpoints and offer a SWAT team to sweep and clean all infected devices. But how do we know that these efforts were 100% successful?
From the sidelines, I hope they have proper backup procedures, back up the systems and data, and have tested these.
Personally, when we were attacked by ransomware, I decided to rebuild everything – and I mean every server and computer. I had become paranoid that something might remain dormant on our network and needed to eliminate the risk. Thankfully, we had a virtual desktop environment, and once it was rebuilt, we could start granting users access.
Some news sources reported that UH paid the $22 million ransom to the cybercriminals. This has not been verified, but it coincided with a similar payment on the dark web to the ALPHV or BlackCat gang.
Paying the ransom and getting the decryption key does not guarantee that you will get all your data back, and it does not mean that all your systems and services will magically come back!
Long-Term Considerations and Aftershocks
United Health’s cyber defenses had some holes, and the organization’s interconnectivity was vulnerable to malicious code propagating across networks, affecting all infrastructure and downstream services.
Furthermore, it also revealed that UH is a monopoly with a chokehold on its customers, and any incident will have a significant financial impact on them.
UH and the Federal Government must take action to strengthen and enforce proper cyber defenses for such entities to avoid widespread disruption in the future. They are responsible for shaping policies and practices aimed at safeguarding patient data and ensuring the continuity of care.
It also revealed that smaller companies and health centers must find ways to have redundant services in place to protect the cash flow.
Large corporations must assess their pricing structure to make their sophisticated solutions affordable to small and medium entities; otherwise, they will continue to struggle and be victims of cyber attacks. Eventually, these smaller health centers will cease to exist.
The Giant Takes Aim
One piece of news that made my blood boil was that through Optum Care, United Health started to acquire parts of the operations or buy entire healthcare centers and providers, absorbing them into the UH fold. These companies and entities do not have a choice, as their fragile cash flow was damaged by UH’s lack of cybersecurity measures.
It is the only way these smaller entities can survive, but it should not end like that, and they had to sign a pact with the devil. Otherwise, they and their patients would be without support.
United Health is calmly taking control of the healthcare industry as a giant player, controlling the end-to-end patient care service.
Safeguarding the Future
Thankfully, the government has recently launched a new task force on Health Care Monopolies and Collusion (HCMC) within its Antitrust Division.
While this might not target United Health, I’m sure it directly responds to the recent cybersecurity incident that hampered UH. The incident exposed how vulnerable UH’s infrastructure is and how greedy UH is when it snaps up struggling healthcare centers and providers.
United Health is openly building a monopoly that allows these giant companies to control and profit from the market.
I hope the new task force will be concerned about antitrust issues due to United Health Group’s size and influence in the healthcare market. Again, the task force and DOJ must establish policies and regulations to prevent such giants from being created.
These giant entities have too much control and can regulate prices to increase revenues, while patients are the real victims. Patients have no choice but to pay the price to get support, and the increase in inflation, downturn in the economies, mass redundancies, and unemployment lead to less money for individuals and families.
Health is too important and critical to be used as leverage to strengthen corporate revenue.
We need to make healthcare affordable and accessible to all people living here!
What did we learn from the United Health incident?
Cybersecurity and ransomware are fundamental, and cyber-attacks significantly impact the healthcare industry and patients.
It is also a reality that medium and smaller companies have limited funds to implement sophisticated technologies to protect their data and PHI and do not have the staff or resources to develop a cybersecurity program that also elevates Cybersecurity Awareness.
We need to explore ways to strengthen staff cybersecurity awareness, and I’m looking to organizations like KnowBe4, Microsoft, Amazon, Rubrik, Mimecast, and many more excellent companies to make cybersecurity achievable for companies with smaller budgets and resources.
The hack also exposed the evil plot of organizations like United Health to develop monopolies and take full control of the healthcare industry. This cannot go unnoticed; the DOJ must develop the necessary policies and regulations.
I have worked diligently to develop a cybersecurity program at my organization, using the available resources and skills. Granted, I have been lucky that our leadership and board fully support the cybersecurity strategy and the severity (risk) if we do nothing.
It has taken longer than for-profit organizations, but I have invested a lot of time in educating my team, encouraging self-study, sending them to attend webinars, and gradually building the skills we need to increase awareness.
Furthermore, we developed a plan to implement critical technologies to support our cybersecurity strategy, and you will be surprised how willing companies are to work with you. But you will not get it without asking for it. Building relationships with technology companies directly or establishing strong vendor relations with MSPs takes time.
I’m more than happy to jump on a call with anybody to share what we did and some of the materials we have created.
Lastly, with the introduction of AI and its impact on the healthcare industry, it is apparent that it will pose even more strain and challenges to the already exposed healthcare cybersecurity defenses. However, that is a topic for another conversation.
Have a wonderful day. Stay vigilant, and embrace your inner Viking!

