Change Healthcare

In February 2024, Change Healthcare's systems were hit by a ransomware attack, disrupting care across the U.S. and exposing 190 million records. The breach highlighted the vulnerabilities in third-party vendor security and the cascading effects on the healthcare system. The attack caused widespread disruption, financial losses, and exposed sensitive patient data, underscoring the critical need for robust cybersecurity measures in healthcare.

Source: https://www.helpnetsecurity.com/2025/08/11/resilience-top-healthcare-cybersecurity-risks/

TPRM report: https://www.rankiteo.com/company/change-healthcare

"id": "cha541081125",
"linkid": "change-healthcare",
"type": "Ransomware",
"date": "2/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'U.S.',
                        'name': 'Change Healthcare',
                        'type': 'Healthcare'}],
 'data_breach': {'number_of_records_exposed': '190 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Patient information'},
 'date_detected': 'February 2024',
 'description': 'A major ransomware attack on Change Healthcare in February '
                '2024 disrupted healthcare services across the U.S. and '
                'exposed 190 million records. The incident highlights the '
                'vulnerabilities in the healthcare sector, particularly due to '
                'third-party risks and human error.',
 'impact': {'data_compromised': '190 million records',
            'identity_theft_risk': 'High',
            'operational_impact': 'Disruption of healthcare services across '
                                  'the U.S.'},
 'lessons_learned': 'The incident underscores the need for better third-party '
                    'vendor oversight, proactive IT risk assessments, and '
                    'regular testing of incident response plans.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Third-party vendor compromise, '
                                           'human error, poor vendor '
                                           'oversight, failed disaster '
                                           'recovery tests, untested backups'},
 'ransomware': {'ransom_demanded': '$4 million'},
 'recommendations': ['Include all critical data types in tested backup '
                     'strategies',
                     'Treat insurance policies as sensitive documents',
                     'Train staff on phishing, social engineering, and safe '
                     'data handling',
                     'Monitor third-party vendors continuously',
                     'Quantify cyber risk in financial terms to guide '
                     'investment',
                     'Regularly test incident response plans under realistic '
                     'conditions'],
 'references': [{'source': 'Resilience'}],
 'threat_actor': ['BlackCat', 'Cl0p', 'Lockbit', 'Medusa', 'Interlock'],
 'title': 'Ransomware Attack on Change Healthcare',
 'type': 'Ransomware'}

Change Healthcare

The Rainbow Multi Academy Trust: Schools Hit by Ransomware, Locked Out For Three Months

Asahi Group Holdings

Crisis24 (OnSolve CodeRED)