Over the past few months, we’ve seen a wave of data breaches affecting millions of people, from health care giants to government contractors and more. This latest incident is yet another in a long line of alarming breaches. Change Healthcare experienced a major data breach in February this year, causing widespread disruption across the U.S. health care sector. At the time, the company did not specify how many people were affected by the breach but hinted that it might impact well more than one-third of the U.S. population, marking one of the largest known digital thefts of medical records to date.

The owner of Change Healthcare, UnitedHealth Group (UHG), has now confirmed for the first time that more than 100 million people had their personal information and health care data stolen in what was a ransomware attack.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Timeline of the Change Healthcare cyberattack

The Change Healthcare cyberattack happened in February, with news going public on Feb. 21. To contain the breach, the company took its systems offline, which led to immediate disruptions across the U.S. health care sector that relies on Change’s services for claims processing, payments and data sharing. UHG CEO Andrew Witty told Congress in May that “maybe a third” of Americans’ health data was exposed in the attack.

A month later, Change Healthcare sent out a data breach notice confirming that the February ransomware attack exposed a “substantial quantity of data” affecting many Americans. UnitedHealth Group started notifying impacted individuals in late July, with notifications continuing through October, and the final tally of those affected was released this month.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) data breach portal updated the total number of impacted people to 100 million: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach,” reads an updated FAQ on the OCR website.

The February ransomware attack exposed a “substantial quantity of data” affecting many Americans. (Kurt “CyberGuy” Knutsson)

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

What data got stolen?

There’s roughly a 30% chance your personal data was compromised in this breach. Change Healthcare is one of the largest handlers of health, medical data and patient records, and in 2022 it merged with U.S. health care provider Optum as part of a deal with UHG, bringing the two giants together under UHG’s umbrella.

This merger gave Optum – already managing physician groups and providing tech and data to insurers and health care services – broader access to the patient records handled by Change. Overall, UHG offers benefit plans to more than 53 million customers in the U.S. and another 5 million globally, while Optum serves about 103 million U.S. customers.

The stolen data varies by individual but includes personal information such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport numbers. On top of that, hackers may also have accessed health data, including diagnoses, medications, test results, imaging, care and treatment plans and health insurance information. Financial and banking details found in claims and payment data are also reportedly compromised.

Change Healthcare is one of the largest handlers of health, medical data and patient records. (Kurt “CyberGuy” Knutsson)

FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU

What caused the data breach?

The Change Healthcare data breach was caused by a ransomware attack, a type of malware attack that blocks access to the victim’s personal data unless a “ransom” is paid. UHG said ALPHV/BlackCat was behind the attack, a Russian-speaking ransomware and extortion gang that later took credit for the cyberattack.

However, the attack was made possible because Change Healthcare wasn’t smart enough to protect its customers’ data with multifactor authentication. The company admitted this during a House hearing into the cyberattack in April. This raises an important question: how could a company that has billions of dollars in revenue and stores data for over 100 million Americans fail at basic cybersecurity?

UHG paid a ransom to get a decryptor and for the hackers to delete the stolen data. The ransom was said to be around $22 million and was supposed to be split between the affiliate and the ransomware operation. However, BlackCat kept it all for themselves and pulled an exit scam.

This complicated things for UHG because the affiliate claimed they still had the company’s data. They later joined forces with a new group called RansomHub, leaking some of the stolen data and extorting a second ransom from UHG.

6 ways to protect yourself from Change Healthcare data breach

1) Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. Check out my top picks for data removal services here.

2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

3) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request. The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company. 

5) Recognizing and reporting a Social Security scam: If there is a problem with a person’s Social Security number or record, Social Security will typically mail a letter. You can learn more about recognizing Social Security-related scams, including how to report a scam quickly and easily online to Social Security’s Office of the Inspector General, by reading more at www.ssa.gov/scams.

6) Invest in identity theft protection: Data breaches happen every day and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Kurt’s key takeaway

In just 2024, with over two months still to go, we’ve witnessed countless data breaches affecting millions of Americans. This highlights how valuable your data is and how little some companies are doing to protect it. Big firms with massive revenues are struggling to implement even the most basic cybersecurity measures, practically inviting cybercriminals to hack their systems. Change Healthcare fell into this trap by not implementing two-factor authentication, leaving everything from your financial details to health data in the hands of criminals.

Do you think these companies are doing enough to protect your data and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

A few months ago, my doctor showed off an AI transcription tool he used to record and summarize his patient meetings. In my case, the summary was fine, but researchers cited by ABC News have found that’s not always the case with OpenAI’s Whisper, which powers a tool many hospitals use — sometimes it just makes things up entirely.

Whisper is used by a company called Nabla for a medical transcription tool that it estimates has transcribed 7 million medical conversations, according to ABC News. More than 30,000 clinicians and 40 health systems use it, the outlet writes. Nabla is reportedly aware that Whisper can hallucinate, and is “addressing the problem.”

A group of researchers from Cornell University, the University of Washington, and others found in a study that Whisper hallucinated in about 1 percent of transcriptions, making up entire sentences with sometimes violent sentiments or nonsensical phrases during silences in recordings. The researchers, who gathered audio samples from TalkBank’s AphasiaBank as part of the study, note silence is particularly common when someone with a language disorder called aphasia is speaking.

One of the researchers, Allison Koenecke of Cornel University, posted examples like the one below in a thread about the study.

The researchers found that hallucinations also included invented medical conditions or phrases you might expect from a YouTube video, such as “Thank you for watching!” (OpenAI reportedly used to transcribe over a million hours of YouTube videos to train GPT-4.)

The study was presented in June at the Association for Computing Machinery FAccT conference in Brazil. It’s not clear if it has been peer-reviewed.

OpenAI spokesperson Taya Christianson emailed a statement to The Verge:

We take this issue seriously and are continually working to improve, including reducing hallucinations. For Whisper use on our API platform, our usage policies prohibit use in certain high-stakes decision-making contexts, and our model card for open-source use includes recommendations against use in high-risk domains. We thank researchers for sharing their findings.

Are you tired of forgetting to send important messages at the right time?

IOS 18 brings a game-changing feature to the Messages app — the ability to schedule text messages for future delivery. 

This long-awaited addition allows you to compose messages in advance and set them to send at a specific time, ensuring you never miss an important reminder or forget to wish someone a happy birthday. Your recipient can use any device, and they won’t be aware that the message was scheduled.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

Ensure your device is updated with iOS 18

Before diving into this new feature in iOS 18, it’s essential to ensure that your device is updated to the latest operating system.

Check your current iOS version:

• Open the Settings app on your device.
• Tap General.
• Tap About. Here, you’ll see the version number next to Software Version.

Update to iOS 18:

• Go to Settings.
• Tap General.
• Tap Software Update.
• If iOS 18 is available, tap Download and Install.
• Follow the on-screen instructions to complete the update.

Steps to update to iOS 18 on iPhone. (Kurt “CyberGuy” Knutsson)

HOW TO PROTECT YOUR IPHONE & IPAD FROM MALWARE

How to use Send Later in Messages

Using the new Send Later feature is straightforward:

• Open the Messages app.
• Start a new conversation or select an existing one.
• Type your message as usual.
• Instead of sending immediately, tap the plus (+) sign next to the text box.
• Select Send Later from the menu (you may need to tap “More” first).
• Choose the date and time you want the message to be sent.
• Tap the send button, which is the blue up arrow, to schedule your message.
• Your scheduled message will appear in the conversation with a dashed outline, and the scheduled send time will be displayed above it.

Steps to use Send Later in iOS 18 on iPhone. (Kurt “CyberGuy” Knutsson)

Note: Scheduled messages are encrypted and stored on Apple servers only until they are sent. Once a message is sent, it is removed from Apple servers, the message balloon becomes a solid color, and the dashed line disappears.

APPLE TRANSFORMS AIRPODS PRO 2 INTO LOW-COST HEARING AIDS

Change the time to send a message

You can reschedule a message until its delivery time.

• Go to the Messages app on your iPhone.
• Go to the conversation with the message you want to reschedule.
• Tap Edit beside the date (above your scheduled message), then do any of the following:
• If you want to reschedule it, tap Edit Time, choose a new time and then tap away from the schedule to commit to the new time.
• If you want to send it immediately, tap Send Message.

Steps to change the time to send a message in iOS 18 on iPhone. (Kurt “CyberGuy” Knutsson)

HOW TO SCHEDULE A FREE SESSION WITH APPLE SUPPORT

Edit a scheduled message

You can edit a scheduled message until its delivery time.

• Go to the Messages app on your iPhone.
• Go to the conversation with the scheduled message you want to edit.
• Touch and hold the message bubble, then tap Edit.
• Make any changes, then tap the checkmark in the blue circle to resend with edits or the X in the grey circle to revert.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Steps to edit a scheduled message in iOS 18 on iPhone. (Kurt “CyberGuy” Knutsson)

Delete a scheduled message

When you delete a message before its scheduled time, it’s canceled and not delivered to the recipient.

• Go to the Messages app on your iPhone.
• Go to the conversation with the scheduled message you want to delete.
• Touch and hold the message you want to cancel, then tap Delete.

Steps to delete a scheduled message in iOS 18 on iPhone. (Kurt “CyberGuy” Knutsson)

Limitations to keep in mind

While Send Later is a great new feature, there are some limitations to be aware of:

• Messages can only be scheduled up to two weeks in advance. However, this limit might change with future iOS updates.
• The feature is only available for iMessage conversations (blue bubbles), not for SMS texts to non-iPhone users (green bubbles).
• Your iPhone needs to be online for scheduled messages to be sent. If your device is offline at the scheduled time, the message will be sent once it reconnects to the internet.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

Kurt’s key takeaways

The Send Later feature in iOS 18 is a welcome addition that brings more flexibility and convenience to iPhone messaging. While it has some limitations, particularly its restriction to iMessage conversations, it’s a powerful tool for managing your communications. Whether you’re remembering birthdays, sending timely reminders or communicating across time zones, Send Later can help you stay on top of your messaging game. As Apple continues to refine this feature, we can hope to see expanded functionality in future updates.

Can you share a specific situation where the Send Later feature would have been helpful for you? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.