In February 2024, the United States experienced the largest healthcare data breach in its history: a single ransomware attack that exposed nearly 200 million people’s medical and personal information and disrupted hospitals, pharmacies, and insurers across the country. This wasn’t a sophisticated zero-day exploit. It wasn’t a nation-state superweapon. It wasn’t an AI-powered cyber-apocalypse. It was a single stolen password and a remote access system with no MFA. The Change Healthcare attack is the clearest demonstration yet of how fragile critical infrastructure becomes when identity security is treated as optional.

How the Attack Happened

The attackers, the ALPHV/BlackCat ransomware group, gained access through a Citrix remote access portal that was protected only by a username and password. No MFA. No conditional access. No behavioural analytics. Once inside, they spent nine days moving laterally, escalating...
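The weakness described above is a remote-access portal that accepts a password alone, with no second factor and no conditional check on where the login comes from. As an added illustration (not code from the original post, and not tied to any real Citrix log format), the following audit runs over constructed gateway login events and flags two things a defender would want surfaced: successful logins that completed with only a password, and successful logins from a source address the account has never used before. The event fields and sample values are assumptions made for this example.

```python
"""Flag remote-access portal logins that succeeded with a single factor
(password only) or from a source the account has never used before.
Added illustration, not code from the original post; the log format
and field names are constructed for this example."""
from collections import defaultdict

# Constructed sample events in the shape of an access-gateway auth log.
SAMPLE_EVENTS = [
    {"user": "alice", "result": "success", "factors": ["password", "totp"], "src": "203.0.113.10"},
    {"user": "bob",   "result": "success", "factors": ["password"],         "src": "198.51.100.7"},
    {"user": "carol", "result": "success", "factors": ["password", "push"], "src": "203.0.113.12"},
    {"user": "bob",   "result": "failure", "factors": ["password"],         "src": "198.51.100.7"},
    {"user": "alice", "result": "success", "factors": ["password"],         "src": "192.0.2.44"},
]

def audit(events, known_sources=None):
    """Return findings as (user, kind, src) tuples: one per successful login
    that completed with only a password, plus one per successful login from a
    source address not previously seen for that account. Failed attempts are
    ignored; known_sources seeds the per-account history if supplied."""
    known = defaultdict(set)
    for user, srcs in (known_sources or {}).items():
        known[user].update(srcs)
    findings = []
    for ev in events:
        if ev["result"] != "success":
            continue
        user, src = ev["user"], ev["src"]
        # A login whose only factor is the password is exactly the gap
        # the portal in the post had: no MFA at all.
        if set(ev["factors"]) <= {"password"}:
            findings.append((user, "single-factor", src))
        # A successful login from an address this account has never used
        # is what a conditional-access policy would have challenged.
        if known[user] and src not in known[user]:
            findings.append((user, "new-source", src))
        known[user].add(src)
    return findings

def single_factor_users(events):
    """Accounts that reached the portal with a password alone."""
    return sorted({u for u, kind, _ in audit(events) if kind == "single-factor"})

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```

In a real deployment the same two checks would run against the gateway's authentication log and feed an alert or a policy that requires a second factor before the session is established.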