Nebraska has been thrust into the spotlight with a significant data breach that has exposed personal information of about a million residents. The Attorney General, Mike Hilgers, has taken decisive action by filing a lawsuit against Change Healthcare. This breach not only compromised the privacy of individuals but also had far-reaching consequences for the state's healthcare system.

Key Details of the Data Breach

The data breach began on February 11 when the username and password of a "low-level customer support employee" were posted on a Telegram group chat. It took 10 days for the cyberattack to be detected, during which a hacker logged in via Citrix and established privileged administrator accounts, installing malware and exfiltrating terabytes of sensitive data. The breach was discovered on February 21 when ransomware was deployed, crippling Change Healthcare's systems. Compromised data included security numbers, driver's license numbers, health insurance information, medical records, and billing details.This breach caused widespread disruption to Nebraska's healthcare system. Rural hospitals and critical access facilities, already operating on thin margins, were particularly affected. Providers had to deliver care without receiving payment for insurance claims, while others incurred significant costs switching to new transaction clearinghouses. Patients faced delays in receiving medications and treatments, and their sensitive information remained vulnerable on the dark web.

Systematic Failures by Change Healthcare

Change Healthcare was found to have several systemic failures. Their outdated and poorly segmented IT systems failed to meet basic enterprise security standards. Their response to the breach was inadequate, with the failure to detect unauthorized access for over a week, allowing hackers to establish themselves unnoticed inside the systems and access personal data. There were also delays in notifying consumers, with affected Nebraskans only beginning to receive notifications nearly five months after the breach was discovered. Widespread operational disruptions halted prior authorizations for medical care and prescriptions, leaving patients without necessary medications and treatments. Healthcare providers, such as Nebraska hospitals, pharmacies, and doctors' offices, faced significant financial and operational burdens.

Impact on Nebraska Patients

The impact on Nebraska patients was substantial. There is a potential for identity theft, financial fraud, and exploitation of personal health information. This data breach is not only a privacy concern but also has financial implications for individuals. Patients may face difficulties in dealing with the aftermath of the breach and protecting their financial well-being.

Call to Action for Nebraska Healthcare Providers

His office is asking Nebraska healthcare providers who may have been affected by the February cyberattack on Change Healthcare to submit their contact information to the Nebraska Attorney General's Office at ProtectTheGoodLife.Nebraska.gov. This is an important step in ensuring that affected providers are accounted for and can receive the necessary support and assistance.In conclusion, this data breach is a significant event that has had a profound impact on Nebraska. The lawsuit filed by the Attorney General is a crucial step in holding Change Healthcare accountable and seeking justice for the affected residents. It is essential that such incidents are addressed promptly and effectively to protect the privacy and well-being of individuals.