The Frontier Psychiatrists

Share this post

The Frontier Psychiatrists
The Frontier Psychiatrists
Change Healthcare is a Big Enough Problem for United Healthcare to Notice.
Copy link
Facebook
Email
Notes
More

Change Healthcare is a Big Enough Problem for United Healthcare to Notice.

Optum lays off security team...in the middle of a ransomware attack?

Owen Scott Muir, M.D
Feb 28, 2024
∙ Paid
5

Share this post

The Frontier Psychiatrists
The Frontier Psychiatrists
Change Healthcare is a Big Enough Problem for United Healthcare to Notice.
Copy link
Facebook
Email
Notes
More
2
Share

The Frontier Psychiatrists is thrilled to bring you the late-breaking news in the ongoing Change Healthcare—BUT IN WHICH DIRECTION?—saga. This article has a pay wall, there is original reporting therein, and it's a whole to do.

In our prior installment, we covered the fact that Change Healthcare—acquired by UnitedHealthgroups’s Optum Sub-division—had a cyber attack that led to an SEC filing about the attack being ransomware. This is sort of hilarious, because if anyone is holding American health data hostage…it’s American healthcare. Remember when I wrote joke press releases about Leviathan Eating All That Is? Or made fun of the earnings call a biblical world-ending monster would have? Feels a bit…to close to reality now.

We have breaking updates, and, in a surprising turn of events, some original reporting on this story!

It turns out it’s not a state actor, per se, it’s the Ransomware crime syndicate called “BlackCat”—which is an adorable name for a cybercrime ring. BlackCat is RaaS— criminal, but they are a “ransomware as a service” group. A criminal enterprise, that sells its ransomware software, for a price and a portion of the proceeds. Everybody's a platform now?

This is a bad problem, and getting more grim by the day given the group involved: (from HIPAA Journal)

On February 27, 2024, a member of the Blakcat group confirmed that they were behind the attack.

Blackcat is known to engage in double extortion tactics, where sensitive data is exfiltrated before ransomware is used to encrypt files. Ransoms must be paid to recover encrypted files and to prevent the release of stolen data, so there is likely to have been a data breach although that has not been confirmed by Change Healthcare at this stage

It is also absurd, but true, that in the middle of a massive cyberattack the scale of which has shut down access to lifesaving drugs, at, for example, ALL MILITARY PHARMACIES, Optum was busy laying off much of its cybersecurity team.

From thelayoff.com:

Granted, these are anonymous internet comments, let’s take them with a grain of salt.

it also seems like the US Department of Justice is taking a very serious look at United Healthcare: The examiner reports…

significant local layoffs were enacted last week.

…UnitedHealth Group, Optum’s publicly traded corporate parent, received notice on Oct. 10, 2023, that the Department of Justice (DOJ) had launched a “non-public antitrust investigation into the company,” according to a message distributed on Oct. 24 by Rupert Bondy, an executive vice president and chief legal officer of UnitedHealth Group.

Bondy’s e-mail, sent to high-ranking colleagues, concedes the disconcerting and potentially significant nature of the executives receiving a “document preservation notice” from federal law enforcement, acknowledging the “breadth of the notice” issued by U.S. authorities.

The legal tactic of service for preservation of records means don't destroy anything. That we're gonna look, and then we need all the records there. This is a big deal. A very big deal. This is not the Federal Trade Commission. This is the Department of Justice. The Department of Justice can put you in jail. I think that's highly unlikely…but anti-trust enforcement, especially in the context of a very high-profile ransomware attack, where the FBI could be of help in decrypting files…

We have an adverse outcome of a very monopoly-ish company. We have millions of patient records at risk. We had terrible decision-making around staffing of cyber security infrastructure and team members right before a major high-impact breach that impacted military pharmacies. This is a huge problem. And with a pre-existing preservation of records order from earlier last year, it's terrible timing for the UnitedHealth group at a minimum.

The firings have been massive, enough to trigger a local labor law called WARN—where major companies with layoffs greater than 50 are supposed to provide 90 days prior notice.

And, guess what day they started? That's right, the two days before the cyber security crisis…was reported on the 21st. The layoffs included both cyber security professionals and those who would be impacted by the subsequent breach as providers and, other cogs in the machine like the people who do prior authorization for the provider side of Optum, to deal with the prior authorization requirements on the United healthcare side of Optum:

My local doctor source confirmed that 28 pre-certification representatives were let go last week, some by e-mail, some by a phone call.

“It’s happening two weeks before they get their yearly bonus, and their yearly meeting to increase their hourly wage,” the doctor told me through an intermediary.

So here's the fun and original reporting part of this article: I spoke to a cybersecurity professional. It was on background. I'll present, unattributed, what I was told…

This post is for paid subscribers

Already a paid subscriber? Sign in
© 2024 The Frontier Psychiatrists
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More