The Breach Report: February 25, 2024

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.

AT&T, Verizon, and T-Mobile suffer widespread outages and SOS status

As I attended the Chief Digital and Artificial Intelligence Office (CDAO) Advantage Conference 2024 in Washington, D.C., last week, a strange thing happened.

Thursday, I kept losing cell signals on my personal and work smartphones – which are on different carriers. The signal strength frequently fluctuated even when I was stationary and would bounce between 4G, 5G, or SOS, indicating you can only call or text emergency services through the cellular network.

I brushed it off as just another atmosphere interference or the building itself blocking cell signal.

Later that day, I learned that there were widespread outages across AT&T, Verizon, and T-Mobile, affecting millions of Americans just like me. My next immediate thought, admittedly, was, “Is this a cyberattack?” and next, “If it is, man, this is eerily similar to the Netflix movie Leave the World Behind.”

I got in my car, which is a Tesla Model 3, and noticed it had lost its cell signal, too. I hoped this was the extent of odd behavior from my Model 3, with no more similarities to Leave the World Behind.

Well, panic no more. According to AT&T, the widespread outage, at least for their cell services, was not due to a cyberattack but instead a “software glitch.”

“Based on our initial review, we believe that today’s outage was caused by the application and execution of an incorrect process used as we were expanding our network, not a cyber attack,” an AT&T official confirmed.

A Department of Defense official confirmed to Fox News that there was “no indication that the outage was due to a cyberattack.” The Federal Communications Commission also confirmed via X that it was aware of the outages and is communicating with various providers.

Verizon stated that the outage of its users was when they were trying to contact AT&T users affected by the AT&T outage. However, I can confirm that my Verizon smartphone repeatedly fluctuated in cell signal strength and displayed “SOS” multiple times, yet I was not trying to call anyone actively.

While this issue has subsided in the following days and has already left the consciousness of most Americans, it, of course, keeps cybersecurity professionals on edge.

Just a few weeks ago, FBI Director Christopher Wray spoke at a House subcommittee on China, warning that the Chinese are “ramping up an extensive hacking operation geared at taking down the United States’ power grid, oil pipelines, and water systems in the event of a conflict over Taiwan.”

A widespread, multiple provider outage for cell service didn’t seem out of reach of the Chinese. But we’ll have to take AT&T’s word for it.

UnitedHealth blames “Nation-State Hackers” for cyberattacks on U.S. pharmacies

If the cell provider outages weren’t concerning enough, on the same day, many pharmacies across the United States could not fulfill prescription requests after a cyberattack. UnitedHealth and its Change Healthcare and Optum subsidiaries could not process prescriptions once they discovered “a suspected nation-state associated cybersecurity threat actor” had access to Change Healthcare’s systems.

As a precaution, Change Healthcare disconnected its compromised systems from other connected data systems. UnitedHealth confirmed that the cyberattack and “network interruption” only impacted Change Healthcare and that all its other systems remain operational.

UnitedHealth is cooperating with law enforcement agencies and working to mitigate the breach. It is unsure if the outage and cyberattack will affect its financial results.

According to Bloomberg, Change Healthcare operates the country's largest medical electronic data interchange (EDI) clearinghouse. The EDI network is a middleman routing claims between insurance companies, doctors' offices, hospitals, and other healthcare providers seeking payment.

BlueCross BlueShield released a statement providing frustrated customers alternative ways to fill prescriptions. “Some pharmacies cannot confirm insurance coverage, which could delay filling or refilling your medications.”

Individuals trying to fill prescriptions during the outage were forced to pay out of pocket, seek reimbursement later, or potentially wait until the issue was resolved. Affected individuals could also try filling their prescription at another pharmacy, according to BlueCross BlueShield.

As of the date of this posting, the issue does not seem to be fully resolved. Experts fear it could last well past this weekend.

“It’s a mess, and I believe it’s our Colonial Pipeline moment in healthcare,” said Carter Groome, chief executive of healthcare-focused consulting firm First Health Advisory, to The Wall Street Journal.

Cybersecurity Headlines

New from our favorite blogs and journalists:

• Meta Staff Found Instagram Tool Enabled Child Exploitation. The Company Pressed Ahead Anyway. (The Wall Street Journal)

• Utilities trade association releases baseline cyber standards for distributed renewable energy (CyberScoop)

• Leaked documents show how firm supports Chinese hacking operations (CyberScoop)

• Microsoft rolls out expanded logging six months after Chinese breach (CyberScoop)

• After LockBit takedown, police try to sow doubt in cybercrime community (CyberScoop)

• Navy building out non-kinetic effects teams: Includes cyber, electronic warfare and/or space capabilities for fleet commanders (DefenseScoop)

• FCC advisory committee to focus on how AI can defend against unwanted calls (FedScoop)

• How your sensitive data can be sold after a data broker goes bankrupt (ArsTechnica)

• Reddit User? Reddit is selling your data in its IPO launch. Reddit cashes in on AI gold rush with $203M in LLM training license fees (ArsTechnica)

• Wyze cameras leak footage to strangers for 2nd time in 5 months (ArsTechnica)

• FTC to ban Avast from selling browsing data for advertising purposes (BleepingComputer)

• Apple adds PQ3 quantum-resistant encryption to iMessage (BleepingComputer)

Until next time…

Rob Waters
Founder, The Breach Report + Cybersecurity Careers Blog