10 ways to stay safe amid a cyberattack

ATLANTA — A cyberattack against a massive health insurance company is still affecting patients and pharmacies. 

Owned by UnitedHealth Group, Change Healthcare said it discovered on Feb. 21 that "a threat actor" accessed one of its environments. The cyberattack has prevented pharmacies from verifying whether someone is covered by insurance and made it difficult to confirm copayment amounts. 

Rick Hudson, chief technology officer at Critical Path Security, said crippling the billing process was carried out by AlphV/Blackcat, a group that's been seen before as Darkside, the threat actor for Colonial Pipeline.

"They want to make it inconvenient. They also want to embarrass them. You think about it: healthcare has your life in their hands,“ Hudson said. 

11Alive reached out to UnitedHealthcare about the cyberattack, and in a statement, it confirmed it's "working closely with law enforcement and leading third-party consultants... on this attack.”

The statement added that the company “made progress in providing workarounds and temporary solutions to bring systems back online in pharmacy, claims and payments.” While they didn’t tell us exactly how many people were affected, they shared that based on their ongoing investigation, “there is no indication that Optum, UnitedHealthcare, and UnitedHealth Group systems have been affected by this issue.”

According to Wired, a science and technology media company, the healthcare giant may have paid the hackers' ransom demand.

Hudson said the full extent of the breach will not be known for months, and everyone with UnitedHealthcare should take extra steps to stay safe, like locking down their credit and contacting the Social Security Administration. Hudson shared these 10 tips for everyone.

10 tips to stay safe amid cyberattack

1. Create Strong Passwords: Use unique and complex passwords for your online accounts. Consider using a password manager to securely store and manage your passwords, as well as generating complex passwords and keeping them encrypted.
2. Update Software Regularly: Keep your operating system, applications, and antivirus software up to date. Regular updates patch security vulnerabilities.
3. Think Before You Click: Be cautious when interacting with emails, links, and attachments. Avoid clicking on suspicious or unexpected links, especially from unknown senders.
4. Multi-Factor Authentication (MFA): Enable MFA wherever possible. It adds an extra layer of security by requiring a second form of verification (such as a text message or app notification).
5. Secure Your Wi-Fi Network: Change the default password for your home Wi-Fi router and use WPA3 encryption. Also, avoid using public Wi-Fi for sensitive transactions.
6. Regularly Back Up Data: Back up important files and data to an external drive or cloud storage. This way, in case of a cyber incident, you’ll have a copy of your data.
7. Be Wary of Phishing: Be skeptical of unsolicited emails, especially those asking for personal information or urgent action. Verify the sender’s legitimacy before responding.
8. Use Throwaway Email Accounts: For non-essential services, consider using disposable or throwaway email accounts. This minimizes exposure of your primary email address.
9. Search for Yourself Online: Periodically search your name online to monitor any potential exposure of personal information.
10. Employ Virtual Private Networks (VPNs): When accessing public Wi-Fi or browsing sensitive content, use a VPN to encrypt your internet traffic and enhance privacy.