Cybersecurity

Respond to Chris discussion post. In 2024, Change Healthcare a subsidiary of United Health Group that handles payments, claims, and medical eligibility, was hit with a ransomware attack. This attack halted payments, medical prescriptions, and exposed millions of Americans sensitive medical information (Hale, 2024). Factors that contributed to this attack is their reliance on legacy systems and not keeping the security up to date, networks that were fragmented, and not having a standardized approach to security. This can cause gaps in security leaving it more vulnerable (U.S. Department of Health & Human Services, 2024). Change Healthcare ended up paying the ransom to restore its services, and with how valuable of medical data can be hackers could make more while hurting peoples lives selling it on the internet. This incident shows that healthcare is a critical infrastructure issue whose digital vulnerabilities can lead to national-level consequences. Strengthening cybersecurity in healthcare must be regarded as a fundamental part of national resilience. In 2025 a pro-Russian activist group attacked the U.S oil infrastructure and water systems. They did this by exploiting exposed access tools like virtual network computing (VNC) (Goodin, 2025). They were able to access these systems due to weak authentication process, poor asset visibility and the assumption that operational technology, which is used for water pumps, pipelines, traffic control systems, and many other parts of the CI, was not isolated from the public internet (Cybersecurity & Infrastructure Security Agency et al., 2025). These cases show how interconnected systems, older technologies and poor cybersecurity practices create a vulnerability in are CI for groups to exploit. The repercussions for these practices or lack thereof can create havoc on the security of this country. This reinforces the need to be proactive in risk management, collaboration between public and private sectors. This should be a wake up call to have a standardized cybersecurity system across all CI. Hope Bureau of Investigation, & Department of Energy. (2025). Mitigating cyber threats to water and wastewater systems. Goodin, D. (2025, January 23). ProRussia hackers breached multiple U.S. water systems using exposed VNC. Ars Technica. U.S. Department of Health & Human Services. (2024). HC3 analyst note: BlackCat/ALPHV ransomware and the healthcare sector. UnitedHealth Group. (2024). UnitedHealth Group provides update on Change Healthcare