Records compromised, Approximately 145 million!

In February 2024, Change Healthcare fell victim to a cyberattack that compromised sensitive personal data and disrupted vital healthcare operations across the country. The attack, carried out by the BlackCat threat group, targeted the company’s electronic data interchange (EDI) systems. The attackers exploited significant security vulnerabilities, particularly the lack of multi-factor authentication, which left the company’s infrastructure exposed.

This ransomware incident highlighted critical cybersecurity weaknesses within Change Healthcare’s systems. Key vulnerabilities included the absence of multi-factor authentication, which could have added an extra layer of protection. Compromised user credentials allowed unauthorized access, while weaknesses in the EDI systems posed major structural risks. These security gaps enabled the attackers to breach the organization’s digital infrastructure.