As of this afternoon, March 1, 2024 3pm EST, Change Healthcare announced that their ePrescribing service was operational and at 3:45pm EST they made this update:

For clarity, Change Healthcare's Clinical Exchange ePrescribing providers' tools are still not operational.

We have completed standing up a new instance of Change Healthcare's Rx ePrescribing service. Working with technology and business partners, we have successfully completed testing with vendors and multiple retail pharmacy partners for the impacted transaction types. As a result, we have enabled this service for all customers effective 1 p.m. CT, Friday, March 1, 2024. If you encounter issues following the activation of this script routing service, contact our support team through your normal channels or submit an online ticket via our support portal.

If you are a medical practice, lab, pharmacy, or related business who is impacted by this event, you may have some possible opportunities and possible complications to consider:

• UnitedHealth Group Chief Operating Officer Dirk McMahon has said the company was in the process of setting up a loan program for providers who are unable to submit insurance claims while systems are offline.  You should probably keep an eye on this possibility.

• If you are impacted by this incident, for example you’ve been unable to submit claims and/or post payments, reach out to your practice’s insurance broker. You may have immediate cause to file a claim for contingent/dependent business interruption or something similar. These provisions most often provide up to $100k in many cyber policies. (Yet one more reason why you need cyber-liability insurance coverage.) Your E&O policy may come into play also in these situations. Remember your broker is the expert.

• The possible threat actors ALPHV/Blackcat, who are suspect in this event, are known to exfiltrate data as part of their attacks (I did a deep dive on this group a year ago, they are not amateurs). We may not know, however, for quite a while if this is the case.

• Subscribe to updates on Change Healthcare’s website dedicated to this event – linked below, so you can stay informed as they release information. 

• Pay special attention to any email communications that appear to be coming from UnitedHealth Group/Optum/Change Healthcare – big events like this that make the news are popular bait for phishing emails. Be aware of this possibility, especially if there is an “urgent” ask in the message and warn your employees. I can already envision phishing emails going out to medical practices such as: “United Health free loan program ends tonight, click this link to apply before it’s too late!” 

• Should this event become a data breach - and this has not been determined yet - your practice and your impacted patients will be informed as part of that process, but it may be a while before anyone knows. Use this time now to think about how you’ll answer inquiries from patients – talk to your own legal counsel for advice on managing expectations. Keep in mind though, as of right now, we just don’t know if it is, or it isn’t a data breach since Change Healthcare hasn’t said anything yet. 

• If you do medical billing in house or via a third-party medical billing service, there may be work arounds with some insurance companies to key claims directly to their portals or possibly submit paper claims. RealTime-Medical is doing these things where possible for our own clients, but it is a lot of extra work, so plan accordingly.

Talk to your cybersecurity and IT Teams to make sure they are aware of the issue and be sure to understand your own potential risks related to this event.

To be safe, and it’s a step we always recommend when cyber incidents occur – assume that your credentials used to access UHG/Change Healthcare/Optum are potential at risk and change them to unique, difficult to guess, long passwords. If your mobile phone number was associated with your logon information and it is used for MFA, see if you can switch to app-based MFA if possible – I don’t know if UHG supports that. Be careful about anything texted to your mobile number too.

Finally, if your business is financially impacted to the point you may not be able to pay invoices, it’s probably better to talk to those vendors sooner rather than later. Most everyone should be aware of this incident by now and they will hopefully understand that it’ll be sorted out soon (maybe that is just my endless optimism talking.) Again, your insurance policy may come into play with business interruption coverage, so please talk to your insurance broker – they’ll know the best way to proceed. 

Link to the SEC FORM 8-K related to this incident: https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/unh-20240221.htm

Change Healthcare’s latest updates related to this incident: https://status.changehealthcare.com/incidents/hqpjz25fn3n7  Suggest you subscribe to updates if you are impacted.

CUSTOMERS OF VANS, THE NORTH FACE,
AND OTHER BRANDS PERSONAL DATA POTENTIALLY STOLEN.

VF Corporation, parent company to popular brands including, Vans, The North Face, Timberland, Dickies, JanSport and more, reported that their IT systems were impacted on December 15, 2023 and that some personal data was stolen.

They reported that their computer systems were affected and that personal information was stolen, but they haven't provided any specific details. This is important because cybercriminals commonly use stolen data from these breaches to launch scams, so please be cautious, particularly if you have a loyalty account or have made direct orders through their websites (such as Vans, North Face, Altra, Dickies, etc.). Visit their corporate website for a full list of their brands: www.vfc.com .

Assume that anything you shared with
these brands could be in the hands
of the thieves.

If you stored a credit card, monitor your account closely for any suspicious activity and report it promptly. If you use the same password for any of your online accounts, especially email or social media, update those passwords. According to their SEC 8-K report, the attackers disrupted VF Corporation's operations by encrypting some computer systems and stealing data, including personal information. The company is working to restore the affected systems and find alternative solutions to minimize disruption for customers. VF-operated retail stores are open, but there may be some operational issues. While consumers can still place orders on most brand websites, fulfilling those orders is currently impacted.

SEC 8-K report here: https://www.sec.gov/ix?doc=/Archives/edgar/data/103379/000095012323011228/d659095d8k.htm

Congratulations on making it almost all the way through 2023! Now that holiday shopping is in full swing, we wanted to let you know about a few online shopping trends we've noticed and give a few tips about how to stay safe online while buying gifts for everyone on your list.

Generally, experts seem to believe that the average American is going to spend less this year – though pandemic restrictions have largely lifted, we've entered a new season of economic uncertainty. This means every dollar is even more important, which is why we want to help you protect your hard-earned cash from the scammers and hackers that pop up every year. It's like they don't care about the naughty list! Here is what we think is cheerful and what we think is coal-worthy for shopping online this holiday season:

You can soon set up alerts for whenever your home address, phone number, or email address appears in Search.

In 2022, GOOGLE expanded the ways you can submit removal requests for search results containing personal info. Prior to this change, you had to meet a very high bar to get results with sensitive data wiped. Finding personal details in a Google search, like a home address or phone number, can be scary, but you can take action to protect your privacy.

There’s no guarantee that unwanted search results will disappear completely, but as a result of your request, the web page could be removed from searches on Google.

There are services that can help you make your disappear digitally like DeleteMe. More information on using DeleteMe can be found here.

Under the new Google policy expansion, you can now request removal of other types of information like phone number, email address, or physical address. It also allows for the removal of additional information that may pose a risk for identity theft. Think confidential log-in credentials that my appear in search results.

REQUEST REMOVAL FROM GOOGLE HERE

Google requests your full name, country of residence, and email. You are only permitted to submit takedown requests for results pertaining to yourself or someone you officially represent. You can submit up to 1,000 links at once. Google asks for the URL of the offending content or image, and the company wants you to share the search results where it shows up. It’s not clear how long it will take to review your case, but Google will let you know when it has decided to take action—or do nothing at all. The company promises to include brief explanations with any rejections and allows repeat submissions.

-end-

Reference: Rogers, Reece. “How to Remove Your Personal Info from Google’s Search Results.” Wired.com, APR 29, 2023, https://www.wired.com/story/remove-personal-info-from-google-search-results/

Urgent Information for Barracuda Email Security Gateway Users

DO you have Barracuda Email Security Gateway devices in use to filter your inbound emails for spam, phishing, and malware?

Barracuda is urging replacement of these devices as their recently discovered vulnerabilities cannot be fixed with patches or upgrades. Contact Barracuda support or whomever manages your Barracuda Email Security Gateway to correct this very serious vulnerability.

As always, keep things up to date and properly configured continues to be good advice, but in this particular case, that isn’t going to be enough.

(Barracuda is a physical device that sits on your network in front of your email system)

MORE DETAILED INFORMATION IS PROVIDED BY KREBS ON SECURITY IN THIS ARTICLE.