Cyber incidents: London Drugs paralyzed; privacy disaster at UnitedHealth

While London Drugs is conducting analyses, the largest US healthcare company cites an inadequately secured server as the cause of massive outages.

Green cross on a pharmacy

(Image: Krysja/Shutterstock.com)

This article was originally published in German and has been automatically translated.

Almost 80 stores of the Canadian pharmacy and retail chain London Drugs have been closed for around a week due to a "cybersecurity incident". However, according to a statement from the company, telephone lines have been restored and the post offices in the stores are back in operation. According to the company, there are no indications so far that customer data has been leaked. However, the impact of the security incident on operations is considerable. Due to necessary internal investigations, London Drugs' telephone lines have been temporarily switched off.

Meanwhile, pharmacy staff are on site at all London Drugs locations to assist customers with urgent medication needs. London Drugs is advising customers to go to an on-site pharmacy during regular business hours if needed until phone lines are restored.

London Drugs says it is working with leading external experts to restore the company's data infrastructure and safely resume operations. Billions of lines of data and code need to be reviewed. The company says its teams are working around the clock and making progress.

While the analyses at London Drugs are still ongoing, the largest healthcare company in the USA, UnitedHealth, was able to find the cause. In a hearing in the US Senate, UnitedHealth CEO Andrew Witty stated that the attackers got in through a server that was not protected by multifactor authentication. This enabled the attackers to access the Citrix application used for remote access to Change Healthcare's systems.

After the takeover of Change Healthcare by UnitedHealth in 2022, the systems first had to be brought up to date, according to Witty. It is therefore possible that appropriate security measures are not active everywhere. However, Witty emphasized that all employees are required to activate multifactor authentication. He was unable to say why the attackers were able to penetrate the systems unnoticed for a week – the exact circumstances are still being investigated.

UnitedHealth covers all areas of healthcare, such as insurance and billing. Doctors, pharmacists and patients are particularly affected. In some cases, patients have to make advance payments and pay high costs for medication themselves. Since the incident in February, many doctors and pharmacies have been unable to use UnitedHealth's systems.

At the hearing, Witty confirmed that the incident could affect a third of the US population. Witty also admitted that UnitedHealth made a ransom payment of $22 million in Bitcoin to the cybercriminal group AlphV (also known as Blackcat). He was unable to say when the payment was made. It is also unclear whether the criminals will publish copies of the data on the dark net. Another payment is possible. However, such transactions are not advisable, as the criminals usually do not stop after an initial payment. Another ransomware group, "Ransomhub", also recently claimed to be in possession of the data – but the entry on their leak site has since disappeared.

(mack)