Last Month in Security Episode 002: Change Healthcare Attack Raises Stakes

In this second edition of the Halcyon video/podcast series Last Month in Security, host Anthony M. Freed and panelists Ben Carr and Ryan Golden are joined by Ryan Permeh, partner at Syn Ventures, to delve into the fallout from the recent Change Healthcare attack that crippled healthcare payment processes across the country.

UnitedHealth - parent company Change Healthcare, the largest healthcare payment processor in the U.S. - announced it is pouring $2 billion into ransomware attack recovery efforts in what American Hospital Association CEO Rick Pollack described as “the most serious incident of its kind leveled against a U.S. health care organization.”

Services were "crippled” following the attack in February, as more than 90% of the more than 70,000 U.S. pharmacies that use Change Healthcare were forced to find alternate ways to process payments.

The impact of the attack is widespread and threatens the viability of some providers:

• The attack was reportedly costing one Massachusetts health care system about $24 million a day in delayed payments
• One of the biggest nursing home operators in the U.S., Petersen Health Care, filed for bankruptcy following the attack
• The New Mexico Cancer Center owes $2 million to its supplier of chemotherapy medication and is concerned the supplier will cut them off
• The CEO of Pulse Wellness Cooperative in Oregon said Feb. 19 was the last day employees were paid and may need to use credit cards or sell her home to meet payroll.
• A Naperville, Illinois man was unable to pay out-of-pocket for medication typically covered by insurance and ended up hospitalized

Following the attack, the US Department of Health & Human (HHS) Services Office for Civil Rights (OCR) announced they have launched an investigation of the incident and whether Protected Healthcare Information (PHI) of patients was compromised.  

And as can be expected, lawsuits have started to be filed against UnitedHealth Group, Optum Inc., and Change Healthcare by organizations impacted in the attack.

Join us for a provocative look at the attack, the impact of ransomware on critical infrastructure providers – particularly in the healthcare sector – and a deeper discussion on what needs to change in order to get ahead of these disruptive and costly attacks.

‍About Our Guest:

Ryan Permeh, partner at Syn Ventures, has been a leader in security innovation for several decades and has a storied career in both offensive and defensive security, helping pioneer the use of AI/ML to detect and defeat novel threats.  

He discovered and was the primary analyst investigating the “Code Red” computer worm and contributed to many other analyses of significant threats over his career.

Permeh was Co-Founder and former Chief Scientist at Cylance (acquired by Blackberry $1.4b in 2020) and led development of the architecture behind Cylance’s mathematical engine and groundbreaking approach to security that disrupted the industry and introduced Next-Generation Antivirus (NGAV).  

Prior to co-founding Cylance, he served as Chief Scientist for over two decades at McAfee, focusing on technology strategy. Prior to that, Permeh was a Distinguished Engineer at eEye Digital Security where he focused on building security assessment tools.

Permeh has published numerous articles, papers and books, and is a frequent speaker at conferences around the world on the topics of security, privacy, AI/ML, and entrepreneurship.  

His research has led to numerous innovations in both offensive and defensive security technology, and he has more than 20 patents in the security and data science fields.

Your Hosts:

Anthony M. Freed, Halcyon Director of Research and Communications: Freed is a strategic communications leader, award-winning writer, publisher and podcast producer who was previously a freelance security journalist leading headline-making investigations that included the Symantec NAV source code leak, the mass compromise of US government agency account credentials, the denial-of-service attack that took down WikiLeaks, and more. Freed is also the principal researcher who produces the quarterly Halcyon report Power Rankings: Ransomware Malicious Quartile - Inside Data Extortion Attacks.

Ben Carr, Halcyon Advisory CISO: Carr is a Security & Risk Executive and recognized thought leader with more than 25 years of results driven experience in developing and executing security strategies. Carr has served in global leadership roles at advanced technology, high risk, and rapid growth companies such as Ericsson (Cradlepoint), Qualys, Aristocrat, Tenable, Visa and Nokia. Ben has served as a member of the Board of Directors for organizations such as IT-ISAC and NTXPKUA. He is an advisor for Noname Security and Syn Ventures and has previously served on Advisory boards for Living Security, TruStar, Mimecast, Qualys, and Accuvant.

Ryan Golden, Halcyon Chief Marketing Officer: Golden has a strong background in marketing and leadership roles across the security industry and vast experience in building successful brands, as demonstrated by his role as VP of Design & Creative at Cylance, Inc., where he led the disruptive Cylance brand from pre-revenue to a $1.4B acquisition By BlackBerry. Golden is a technical CMO with deep experience in defending organizations against ransomware operations and other advanced attack scenarios, and also served as the Vice President of Marketing at ShiftLeft, Inc. ‍

‍

Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS (Ransomware as a Service) and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile, and check out the Recent Ransomware Attacks resource site.