[Material-Incidents] No. 1

UnitedHealth Ransomware Woes

Hey Everyone,

Thank you so much for signing up and subscribing to the first Material-Incidents newsletter! My LinkedIn post launching Material-Incidents garnered more attention than I was initially expecting. Since then, we’re now at a total of 16 cybersecurity-related SEC 8-K filings. The cadence of the filings is a bit unpredictable, averaging one a week since December, but there have been multi-week gaps without a filing. That being said, I’ll only send updates when there are updates to give and aim for a weekly Friday cadence.

All 16 filings by industry

This Week’s Filings

UnitedHealth Group 8-K/A, March 8, 2024
UnitedHealth has filed an update on the ongoing incident that started back in February at one of its subsidiaries, Change Healthcare. The initial incident brought down critical systems on February 21st; as of the date of the filing, not all systems have been fully restored. Although not mentioned in the original filing or the 8-K/A addendum, it’s been speculated that Change Healthcare was hit with a ransomware attack. BlackCat is the alleged cybercrime group behind the unprecedented attack, requesting $22 million from Change Healthcare. Public Bitcoin transactions show a $22 million/350 BTC (now valued at over $25M) transaction that was likely paid to decrypt Change Healthcare data. This follows the trend of healthcare providers being hit hardest by ransomware in 2023. This incident is still unfolding: the Office for Civil Rights at the Department of Health & Human Services has just announced it is starting an investigation. This is the first federal investigation opened but may not be the last, given the scale and privacy concerns.

Microsoft 8-K/A, March 8, 2024
Microsoft has filed an addendum to its initial filing back in January, which stated that “beginning in late November 2023, a nation-state associated threat actor had gained access and exfiltrated information from a very small percentage of employee email accounts”. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium. The latest filing discloses that Midnight Blizzard continues to leverage the information gathered initially to access internal systems and source code repositories. Microsoft claims this incident has not had a material impact on the company’s operations, but the incident appears to be ongoing.

MarineMax Inc 8-K, March 12, 2024
The largest lifestyle retailer of recreational boats and yachts filed its first 8-K cybersecurity filing. The company disclosed in Tuesday’s filing that it had detected some unauthorized access to ‘portions of its information environment’. The company took immediate measures to contain the unauthorized access, but the incident resulted in ‘some disruption’ to the company’s business operations. The company will continue to investigate but did not share many additional details on the incident.

Thank you all for reading! Please feel free to reply directly to this email with any thoughts/questions/feedback. Look forward to sending out more of these reports.

Best,
Matt