Dear PSM Customers,

In light of the recent cyberattack targeting Change Healthcare, we want to share crucial information and recommendations to help safeguard your networks and data.

What we know today:

Entry Point: The attack utilized a remote monitoring/support tool called ScreenConnect, leveraging common Phishing techniques to gain and elevate privileges into Change Healthcare. It’s important to note that at PSM, we do not use ScreenConnect. Instead, we employ a self-hosted support tool called Nable in our SOC 2 certified Cloud.

Remediation: Many of you may be experiencing disruptions due to severed access to Change Healthcare and Optum networks. This is a standard practice during a cyber incident to limit downstream impacts on customers. If you receive communication from Change Healthcare regarding specific steps, please enter a ticket as assistance is needed.

Ongoing Event: The situation is ongoing, and we are continuously monitoring for additional intelligence that could impact our security configurations. While the attack methods are not new, the scale and scope of the impact are significant. We are prepared to implement any necessary protective measures.

PSM recommendations:

Breach Notifications: Some of you may have received an impacted patient list. We advise holding tight until further information is released on any notifications. If you have specific communications from Change Healthcare, please reach out to your account manager for assistance.

Phishing Awareness: Given the attack’s reliance on common social engineering and Phishing methods, we urge all employees to be diligent in identifying suspicious emails.

SOC/MDR: PSM utilizes Crowdstrike to monitor and protect our systems. If you’re interested in leveraging our tools for monitoring or advanced protection, please reach out for further discussion.

Dark Web Scanning: To address concerns about compromised credentials, we will conduct a one-time scan of your domain using our Dark Web Scanning tools at no cost. This will help identify any impacted usernames or passwords disclosed on the dark web post-attack.

Your security is our top priority. We are committed to supporting you through these challenges and ensuring the integrity of your networks and data.