Change Healthcare ransomware attack exposes personal health information of over 100 million

Over the past few months, we’ve seen a wave of data breaches affecting millions of people, from health care giants to government contractors and more. This latest incident is yet another in a long line of alarming breaches. Change Healthcare experienced a major data breach in February this year, causing widespread disruption across the U.S. health care sector. At the time, the company did not specify how many people were affected by the breach but hinted that it might impact well more than one-third of the U.S. population, marking one of the largest known digital thefts of medical records to date.

The owner of Change Healthcare, UnitedHealth Group (UHG), has now confirmed for the first time that more than 100 million people had their personal information and health care data stolen in what was a ransomware attack.

Timeline of the Change Healthcare cyberattack

The Change Healthcare cyberattack happened in February, with news going public on Feb. 21. To contain the breach, the company took its systems offline, which led to immediate disruptions across the U.S. health care sector that relies on Change’s services for claims processing, payments and data sharing. UHG CEO Andrew Witty told Congress in May that “maybe a third” of Americans’ health data was exposed in the attack.

A month later, Change Healthcare sent out a data breach notice confirming that the February ransomware attack exposed a “substantial quantity of data” affecting many Americans. UnitedHealth Group started notifying impacted individuals in late July, with notifications continuing through October, and the final tally of those affected was released this month.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) data breach portal updated the total number of impacted people to 100 million: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach,” reads an updated FAQ on the OCR website.

What data got stolen?

There’s roughly a 30% chance your personal data was compromised in this breach. Change Healthcare is one of the largest handlers of health, medical data and patient records, and in 2022 it merged with U.S. health care provider Optum as part of a deal with UHG, bringing the two giants together under UHG’s umbrella.

This merger gave Optum – already managing physician groups and providing tech and data to insurers and health care services – broader access to the patient records handled by Change. Overall, UHG offers benefit plans to more than 53 million customers in the U.S. and another 5 million globally, while Optum serves about 103 million U.S. customers.

The stolen data varies by individual but includes personal information such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport numbers. On top of that, hackers may also have accessed health data, including diagnoses, medications, test results, imaging, care and treatment plans and health insurance information. Financial and banking details found in claims and payment data are also reportedly compromised.

What caused the data breach?

The Change Healthcare data breach was caused by a ransomware attack, a type of malware attack that blocks access to the victim’s personal data unless a “ransom” is paid. UHG said ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang that later took credit for the cyberattack, was behind it.

However, the attack was made possible because Change Healthcare wasn’t smart enough to protect its customers’ data with multifactor authentication. The company admitted this during a House hearing into the cyberattack in April. This raises an important question: how could a company that has billions of dollars in revenue and stores data for over 100 million Americans fail at basic cybersecurity?

UHG paid a ransom to get a decryptor and for the hackers to delete the stolen data. The ransom was said to be around $22 million and was supposed to be split between the affiliate and the ransomware operation. However, BlackCat kept it all for themselves and pulled an exit scam.

This complicated things for UHG because the affiliate claimed they still had the company’s data. They later joined forces with a new group called RansomHub, leaking some of the stolen data and extorting a second ransom from UHG.

6 ways to protect yourself from Change Healthcare data breach

1) Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. Check out my top picks for data removal services here.

2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

3) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request. The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company. 

5) Recognizing and reporting a Social Security scam: If there is a problem with a person’s Social Security number or record, Social Security will typically mail a letter. You can learn more about recognizing Social Security-related scams, including how to report a scam quickly and easily online to Social Security’s Office of the Inspector General, by reading more at www.ssa.gov/scams.

6) Invest in identity theft protection: Data breaches happen every day and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Kurt’s key takeaway

In just 2024, with over two months still to go, we’ve witnessed countless data breaches affecting millions of Americans. This highlights how valuable your data is and how little some companies are doing to protect it. Big firms with massive revenues are struggling to implement even the most basic cybersecurity measures, practically inviting cybercriminals to hack their systems. Change Healthcare fell into this trap by not implementing two-factor authentication, leaving everything from your financial details to health data in the hands of criminals.

Do you think these companies are doing enough to protect your data and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.

X launches Grok’s iPhone app in the US

xAI has released an iOS app in the US for its Grok chatbot, as spotted earlier by TechCrunch. The standalone app version of the chatbot, which xAI calls a beta, can perform the same functions as the one built into X, as it can field real-time information, answer questions, and generate images.

xAI started testing Grok’s standalone iOS app in December in a handful of countries. There’s no word on when it may come to Android.

Though Grok was initially only available to X Premium subscribers, the platform started letting all users access the chatbot last month, bringing it in line with other free-to-use chatbots like OpenAI’s ChatGPT, Anthropic’s Claude, Google Gemini, and Microsoft Copilot.

As pointed out by TechCrunch, it seems xAI is also working on a dedicated Grok.com website that currently has a “coming soon” message on it. After raising $6 billion in June, xAI reported another $6 billion funding round, including from “strategic investors” like Nvidia and AMD.

This fake app clone will steal everything you type on your Android

Fake apps are a big problem, and their clever social engineering tricks make them hard to catch. 

There are tons of these apps out there mimicking popular apps like PayPal and Spotify. Security researchers have found another fake app pretending to be the premium version of Telegram, a messaging app with over a billion downloads. Hackers are using this app to spread malware called FireScam. It can steal everything you type on your Android phone and other personal info. 

Since it tracks your keyboard, it also gets all your passwords, which could give hackers access to sensitive data.

What you need to know about FireScam

As reported by threat management company Cyfirma, FireScam is a type of malware that targets Android devices to steal personal information. It works like spyware, keeping an eye on what you do on your Android phone, such as reading your notifications, messages, clipboard content and more. 

Hackers are spreading FireScam by pretending it’s a premium version of Telegram. They’ve created a fake website on GitHub that looks like RuStore (a real app store in Russia). When people visit this fake site, they’re tricked into downloading an app that looks like “Telegram Premium.” However, this app is actually a trap. Once installed, it downloads the FireScam malware onto your device and starts stealing your personal data.

To avoid detection, the app is heavily disguised using a tool called DexGuard. It asks for permissions to access your storage, check installed apps and install more software. When you open the app, it shows a fake login page that looks like Telegram’s. If you enter your details, it steals your credentials.

The stolen data is first stored in a Firebase Realtime Database, but hackers later move it to private servers. The malware also registers each compromised device with a unique ID so hackers can keep track of their victims.

FireScam can steal almost everything on your phone

According to Cyfirma’s analysis, the FireScam malware is highly effective at stealing nearly all types of data from an infected Android device. It categorizes and sends anything you type, drag and drop, copy to the clipboard or even data automatically filled by password managers or exchanged between apps directly to the hackers.

The malware also monitors device state changes, such as when the screen turns on or off, and tracks e-commerce transactions to capture financial details. Plus, it spies on messaging apps to steal conversations and monitors screen activity, uploading key events to its server for further exploitation.

6 ways to stay safe from fake apps

1. Download apps only from official stores: Always use trusted app stores like Google Play or the Apple App Store to download apps. These platforms have security measures to detect and remove fake or harmful apps. Avoid downloading apps from random websites, pop-up ads or unofficial third-party stores as these are common sources of fake apps.

2. Verify the app’s developer: Before installing an app, check who created it. Look at the developer’s name and ensure it matches the official company behind the app. Fake apps often copy the names of popular apps but use slightly altered spellings or extra characters. For example, a fake might be called “PayPaal” instead of “PayPal.”

3. Pay attention to reviews and ratings: Reviews and ratings can give you insight into an app’s authenticity. If an app has mostly negative reviews, very few downloads or generic comments like “Great app,” it could be fake. Genuine apps typically have a large number of detailed reviews over time. Be cautious of apps with five-star ratings but no specific feedback.

4. Be cautious of app permissions: Check the permissions the app requests before installing. A flashlight app, for example, shouldn’t need access to your contacts or messages. If an app is asking for permissions that don’t align with its purpose, it could be a red flag. Always deny permissions that seem excessive or unnecessary.

5. Keep your phone and apps updated: Regular updates for your operating system and apps often include important security fixes that protect your device from malware. Turning on automatic updates can ensure you always have the latest protections.

6. Use strong antivirus software: Install strong antivirus software on your Android. These tools can scan apps for malware, detect suspicious activity and block harmful downloads. Strong antivirus software provides an extra layer of defense, especially when browsing or downloading apps. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Kurt’s key takeaway

The FireScam malware is a powerful tool that can steal everything on your phone, and it’s tough to detect if you’re not careful. Such apps can’t be distributed through legitimate app stores like the Play Store or the App Store, so they rely on third-party stores and fake websites to spread. To stay safe, the best approach is to stick to verified app stores and avoid downloading from untrustworthy sources.

When was the last time you read through the permissions an app asked for? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2025 CyberGuy.com. All rights reserved.

Meta is highlighting a splintering global approach to online speech

Meta’s overhaul of its content moderation and fact-checking policies in the US is bringing into focus a key geopolitical tension likely to grow under the incoming Trump administration: the regulation of speech online.

CEO Mark Zuckerberg made no secret of his attempt to align his interests with those of President-elect Donald Trump, saying he planned to work with Trump to “push back on governments around the world that are going after American companies and pushing to censor more” — naming Europe specifically. The US and the European Union have long had different approaches when it comes to digital regulation, which has at times inflamed tensions since many of the largest tech companies that end up being targeted by Europe’s rules are the US’s crown jewels. That dynamic is likely to be exacerbated under a second Trump administration, with the incoming president’s protectionist policies.

“The inflection point is Trump, and Facebook is just following along,” says Daphne Keller, director of the program on platform regulation at Stanford University’s Cyber Policy Center. Through the policy change, Meta is signaling to Trump that “we want to be part of a fight with Europe. We’re on your side. We’re pro-free speech,” she says.

Meta says the end of its third-party fact-checking program is a change it’s making “starting in the US.” The company is switching from working with third-party fact-checkers to a crowd-sourced Community Notes model, styled after X, along with fewer restrictions on what negative things users can say — particularly about women and LGBTQ people — on their platforms. Zuckerberg says this combined with other content moderation policy changes will make it so less content is inappropriately removed, a common complaint the right has been making for years, even if that means more unsavory (but legal) content stays up longer.

Under Europe’s Digital Services Act, large platforms like Meta can be held accountable for failing to remove illegal content or that which violates their own terms of service in a timely manner once it’s reported, with fines as high as 6 percent of their annual global revenue. Meta says that under its changes, it will still take down illegal content but is loosening its approach on what’s sometimes referred to as “lawful but awful” content, such as likening women to “household objects.”

Even so, should Meta expand its new approach globally, it could run into trouble in Europe. Some digital law experts worry that the DSA’s risk assessment and risk mitigation provisions could be interpreted to compel platforms to remove speech, even if the law doesn’t directly require the removal of certain harmful content. Those parts of the law require platforms to assess risk and create plans to mitigate the potential negative impact of their services on “fundamental rights,” which may be vague enough for some regulators to make the case that content moderation and fact-checking decisions may be included.

Others, like London School of Economics and Political Science associate law professor Martin Husovec, have said that fears that the DSA would turn the EU into a “Ministry of Truth are misplaced,” since even though there’s opportunity for abuse, the law is not “pre-programmed” to suppress lawful disinformation.

European Commission spokesperson Thomas Regnier declined to comment on Meta’s announcement but said in a statement that they will continue to monitor designated “very large online platforms” like Meta for compliance with the DSA. “Under the DSA, collaborating with independent fact-checkers can be an efficient way for platforms to mitigate systemic risks stemming from their services, while fully respecting the freedom of expression,” Regnier says. “This applies to risks such as the spread of disinformation, or negative effects to civic discourse and electoral integrity.”

Regnier also noted that Meta signed the voluntary Code of Practice against disinformation, which includes certain commitments about working with fact-checkers. But it could continue to follow X’s footsteps in reversing that commitment.

During a press conference after Meta’s announcement, Regnier said that Europe isn’t asking any platforms to remove lawful content. “We just need to make the difference between illegal content and then content that is potentially harmful … There, we ask just platforms to take appropriate risk mitigation measures.”

Regardless, Meta will still likely need to remove more speech in Europe than it does in the US to comply with local laws. For example, Holocaust denial is illegal in countries like Germany, while the US has no such speech restrictions. Still, Keller points out that European leaders are less unified now than they were a couple years ago when it comes to dealing with issues like gender identity and immigration. “A bunch of right and far-right parties are coming to power in Europe. So there’s far less of a unified European political agenda around culture wars issues than there used to be,” she says.

Even so, Keller says she worries that Zuckerberg’s rhetoric toward Europe in his announcement could create a dynamic that emboldens European regulators who want to go after US platforms over speech concerns. “He will offend them, and they’ll get their back up, and then they really will interpret it to give themselves broader powers and to be able to punish Meta more,” Keller says. “It’s almost like he’s going to drive them into becoming the censors that he claims they are now.”
