EPISODE · Apr 27, 2026 · 47 MIN
The Change Healthcare Breach | Healthcare Hijacked
from The CISO Signal: True Cybercrime Podcast · host Jeremy Ladner
The Change Healthcare Breach | Healthcare Hijacked🎙 With guest co-hosts Thomas Schwab and Scott Kisser For most people, healthcare feels immediate.A doctor.A prescription.A moment of care.What they don’t see…is everything that has to happen before any of that is allowed to move.Claims must be approved.Payments must clear.Authorizations must pass through systems no patient has ever heard of.At the center of that system sat Change Healthcare.When it worked, no one noticed.In February 2024, it stopped.No zero-day.No advanced exploit.Just stolen credentials…and a remote access portal without multi-factor authentication.Attackers linked to ALPHV/BlackCat logged in.And from there, everything followed.They moved laterally.Exfiltrated sensitive data.And deployed ransomware inside one of the most critical financial pipelines in American healthcare. Pharmacies could not process prescriptions.Providers could not submit claims.Payments froze.Care was not denied.But it was delayed.And delay, in healthcare, carries weight.What followed was not just a breach.It was a system-wide disruption that exposed a hard truth:Modern healthcare does not just depend on technology.It depends on a small number of systems working exactly as expected. In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Thomas Schwab of 1st Cyber Operations Group and Scott Kisser to examine how dependency becomes a weapon, why identity failures now carry systemic risk, and what leaders are forced to decide when every option comes with consequence. Because in cybersecurity, the most dangerous attacks don’t break systems. They use them exactly as designed.🎙 Guest CISO Co-HostScott Kisser:Chief Information Security Office @ SmithRxhttps://www.smithrx.com 🤝 Sponsor ExpertThomas Schwab:Managing Director, 1st Cyber Operations Grouphttps://www.1stCyberOpsGroup.com 1st Cyber Operations Group helps organizations strengthen cyber resilience and incident response readiness, ensuring leaders can make confident decisions under pressure and recover quickly when disruption occurs. 🔎 Episode Topics• How a lack of MFA enabled one of the largest healthcare breaches in history• Why attackers target dependency and not endpoints• Identity as the true perimeter in modern enterprise environments• The operational consequences of ransomware in critical infrastructure• How leaders make decisions when every option carries risk 🧩 About The CISO SignalTrue cybercrime storytelling with real CISO lessons. ▶️ https://www.youtube.com/@TheCISOSignal💼 https://www.linkedin.com/company/the-ciso-signal🌐 https://www.thecisosignal.com👥 Join the Conversation The CISO Signal Cybersecurity Leadership Forumhttps://www.linkedin.com/groups/17974008 #CISOSignal #ChangeHealthcare #CyberSecurity#Ransomware #HealthcareSecurity #CyberResilience#CISO #TrueCybercrime
What this episode covers
The Change Healthcare Breach | Healthcare Hijacked🎙 With guest co-hosts Thomas Schwab and Scott Kisser For most people, healthcare feels immediate.A doctor.A prescription.A moment of care.What they don’t see…is everything that has to happen before any of that is allowed to move.Claims must be approved.Payments must clear.Authorizations must pass through systems no patient has ever heard of.At the center of that system sat Change Healthcare.When it worked, no one noticed.In February 2024, it stopped.No zero-day.No advanced exploit.Just stolen credentials…and a remote access portal without multi-factor authentication.Attackers linked to ALPHV/BlackCat logged in.And from there, everything followed.They moved laterally.Exfiltrated sensitive data.And deployed ransomware inside one of the most critical financial pipelines in American healthcare. Pharmacies could not process prescriptions.Providers could not submit claims.Payments froze.Care was not denied.But it was delayed.And delay, in healthcare, carries weight.What followed was not just a breach.It was a system-wide disruption that exposed a hard truth:Modern healthcare does not just depend on technology.It depends on a small number of systems working exactly as expected. In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Thomas Schwab of 1st Cyber Operations Group and Scott Kisser to examine how dependency becomes a weapon, why identity failures now carry systemic risk, and what leaders are forced to decide when every option comes with consequence. Because in cybersecurity, the most dangerous attacks don’t break systems. They use them exactly as designed.🎙 Guest CISO Co-HostScott Kisser:Chief Information Security Office @ SmithRxhttps://www.smithrx.com 🤝 Sponsor ExpertThomas Schwab:Managing Director, 1st Cyber Operations Grouphttps://www.1stCyberOpsGroup.com 1st Cyber Operations Group helps organizations strengthen cyber resilience and incident response readiness, ensuring leaders can make confident decisions under pressure and recover quickly when disruption occurs. 🔎 Episode Topics• How a lack of MFA enabled one of the largest healthcare breaches in history• Why attackers target dependency and not endpoints• Identity as the true perimeter in modern enterprise environments• The operational consequences of ransomware in critical infrastructure• How leaders make decisions when every option carries risk 🧩 About The CISO SignalTrue cybercrime storytelling with real CISO lessons. ▶️ https://www.youtube.com/@TheCISOSignal💼 https://www.linkedin.com/company/the-ciso-signal🌐 https://www.thecisosignal.com👥 Join the Conversation The CISO Signal Cybersecurity Leadership Forumhttps://www.linkedin.com/groups/17974008 #CISOSignal #ChangeHealthcare #CyberSecurity#Ransomware #HealthcareSecurity #CyberResilience#CISO #TrueCybercrime
NOW PLAYING
The Change Healthcare Breach | Healthcare Hijacked
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m