March has brought forward the end of Winter, the beginning of Spring, and even more examples of cybersecurity incidents affecting businesses around the world. From a cyber-attack on US pharmacies to a hacking group scamming one of its own, several interesting developments in the cybersecurity landscape have occurred. Here’s a quick recap of some of the most important stories of the last 30 days.
Biden’s $13 Billion Cybersecurity Investment
The White House’s 2025 fiscal plan requests $13 billion for the federal cybersecurity budget, a significant increase from the current $11.8 billion, which is itself still under negotiation. This request aligns closely with the administration’s original plan of $12.7 billion for 2024, which was delayed by a contentious bipartisan budget debate that left the government operating on a temporary resolution. The proposed cybersecurity budget allocates a substantial boost to agencies like CISA and the Justice Department. For instance, an additional $103 million would be directed to CISA’s financial reserves, raising its total budget to $3 billion. This funding aims to enhance programs like the Joint Collaborative Environment (JCE), which centralizes data on cyber threats and vulnerabilities. Improvements are also planned for the Continuous Diagnostics and Mitigation (CDM) program, which focuses on defensive improvement across the federal government; the current cybersecurity budget seeks to complete ongoing cloud and mobile device asset deployments and to continue implementing “zero trust” systems.
Additionally, the budget supports the implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The DOJ would receive $25 million for cybersecurity initiatives, while funds would be allocated to AI research. However, the realization of these initiatives depends on Congress, which has yet to settle on 2024 funding – underscoring an ongoing challenge in securing federal cybersecurity resources.
Cyber Attack Impacts Pharmacies
A cyberattack on UnitedHealth has left pharmacies across the United States struggling to manage prescription distribution to patients. Change Healthcare, a subsidiary of UnitedHealth responsible for processing prescriptions for tens of thousands of pharmacies nationwide, fell victim to hackers who infiltrated its network. The incident prevented pharmacies from submitting prescription claims to insurance companies for payment. Naval Hospital in Camp Pendleton, CA, was unable to process any prescription claims due to the ongoing issue, while Evans Army Community Hospital in CO reported delays in prescription orders, affecting dispensing and refills. GoodRx, a prescription discount service, and Moffet Drug, a small pharmacy in Norton, KS, also reported disruptions to their services. UnitedHealth disclosed in a filing with the Securities and Exchange Commission (SEC) that the cyberattack could have been orchestrated by a group of hackers paid by a foreign nation. The company promptly isolated the attack, notified law enforcement, and initiated efforts to restore its systems. In response, the American Hospital Association advised medical facilities to disconnect from UnitedHealth’s network until the issue is resolved, to mitigate potential exposure to attackers. Change Healthcare believes the attack was contained within its network, with disruptions persisting for the duration of the incident.
Security Implications from the ‘Mother of all Breaches’
Early in 2024, Security Discovery and Cybernews researchers uncovered a dataset of 26 billion leaked accounts associated with LinkedIn, X (Twitter), Tencent, Dropbox, Adobe, Canva, Telegram, and other platforms, in what is being referred to as the “mother of all breaches” (MOAB). This extensive breach has affected government agencies across the globe, including those in the U.S., Brazil, Germany, the Philippines, and Turkey, alongside numerous other organizations. Although a significant portion of the data was compromised in past breaches, the recently leaked dataset contains new information as well.
The potential aftermath for businesses could be profound, as the 12-terabyte dataset poses a continuing threat to personal information and corporate security. The data gives threat actors a comprehensive toolkit for cyberattacks and makes crimes such as identity theft easier to commit. In response, businesses are urged to adopt a proactive stance, monitoring their infrastructure for signs of unusual activity such as unrecognized access scenarios, suspicious account activity, phishing attempts, abnormal network traffic, and notable customer feedback.
A shift in security posture is essential: companies need the foresight to detect irregularities in their data quickly. Furthermore, stronger authentication policies, such as implementing multi-factor authentication, are recommended to enhance overall network security. Overall, the MOAB incident underscores the need for businesses worldwide to drastically change their outlook on effective network security.
Ransomware Group Achieves a $22 Million Scam
Over a month ago, a Russian hacking collective launched a cyberattack on a substantial portion of the US healthcare industry. The collective orchestrated a ransomware assault on a nationwide healthcare management system run by Optum that handles patient accounts, including payment processing, prescription orders, and insurance claims. Earlier this month, Optum reportedly paid AlphV (a hacking group also known as Black Cat) to eliminate the ransomware and erase the stolen data. According to Blockchain’s ledger, seven transfers of $3,348,114 each were made from the same account to seven different accounts on Friday, totaling approximately $22 million after fees. Subsequently, an anonymous party on a dark web forum confirmed the $22 million payment but alleged that AlphV took the funds and kept the data instead of deleting it.
The contents of this “critical data” come from numerous healthcare providers and insurance companies, including Medicare, CVS-Caremark, Loomis, and Metlife, and amount to 4TB. Soon afterward, AlphV’s website displayed a seizure notice, presumably the result of FBI and foreign agency action, although the UK’s National Crime Agency, which was specifically credited on the notice, denied involvement. Further investigation revealed that the seizure notice was copied from another AlphV website, indicating that the group is actually scamming its affiliates and fabricating an FBI takedown. AlphV may choose to lie low for the time being, regroup, and resurface under a different identity on the dark web, a common tactic among hacker groups facing legal pressure. This situation goes to show that hackers will go to any lengths when attempting to make a quick buck, even if it means scamming one of their own.
Contact SWK Today
Knowledge is often the best defense in the constant fight against hackers. However, staying on top of each story or new development can take time away from key aspects of your day-to-day work. Fortunately, SWK is here to help. Contact us today and gain access to a team of cybersecurity experts who stay on top of emerging stories, so you don’t have to.