CHL A.I CyberSecurity Scoring
CHL
Company Information
Website:https://www.changehealthcare.com/
Employees number:8
Number of followers:0
NAICS:81
Industry Type:Consumer Services
Homepage:changehealthcare.com
CHL Risk Score (AI oriented)
Between 700 and 749
CHLConsumer Services
Updated:
30/04/2026
30/04/2026
727/1000
Moderate
Ba
CHL Global Score (TPRM)
xxxx
CHLConsumer Services
Score locked

CHLModerate
Current Score
727Ba (MODERATE)
01000
2 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
731
JUNE 2026
730
MAY 2026
728
APRIL 2026
726
MARCH 2026
725
FEBRUARY 2026
724
JANUARY 2026
785
DECEMBER 2025
721
NOVEMBER 2025
784
OCTOBER 2025
717
SEPTEMBER 2025
715
AUGUST 2025
714
DECEMBER 2024
721
Cyber Attack
25 Dec 2024 • CHL
SolarWinds, Kaseya, MoveIt Transfer, PowerSchool, DaVita, NASCAR, Marks & Spencer, Caesars Entertainment and Change Healthcare: Ransomware trends, statistics and facts in 2026
Ransomware Trends and High-Profile Attacks (2024-2025)
697
CRITICAL-24
DAVCAECHAPOWKASFILMARSOLNAS1770898846
Ransomware in 2025–2026: Evolving Threats, Rising Costs, and High-Profile Attacks
Ransomware remains a critical threat to governments, businesses, and critical infrastructure, disrupting healthcare, fuel distribution, retail, and identity security. Financial and operational impacts have intensified, with attackers refining tactics to maximize damage and extortion.
### Key Ransomware Trends
1. Supply Chain Attacks – Threat actors increasingly target software vendors to compromise multiple downstream victims. Notable incidents include:
- 2023 MoveIt Transfer breach (Clop ransomware gang)
- 2021 Kaseya attack (1,500+ MSP customers affected)
- 2020 SolarWinds hack
2. Triple Extortion – Beyond encrypting data and threatening leaks, attackers now demand payment to prevent additional attacks. The Vice Society group used this tactic in its 2023 attack on San Francisco’s BART system. Leading ransomware groups like LockBit 5.0 now use private negotiation portals for targeted extortion.
3. Ransomware-as-a-Service (RaaS) – Cybercriminals lease pre-built ransomware tools and infrastructure, lowering the barrier to entry for attacks.
4. Exploiting Unpatched Systems – While zero-day vulnerabilities draw attention, most ransomware exploits known flaws in outdated software.
5. Phishing & AI-Driven Attacks – Phishing remains a primary infection vector, while generative AI enhances social engineering lures, reconnaissance, and attack automation.
### Ransomware by the Numbers (2025)
- 44% of breaches involved ransomware (Verizon 2025 DBIR), a 37% increase from 2024.
- 88% of SMB breaches included ransomware, compared to 39% in large enterprises.
- 34% rise in attacks in the first three quarters of 2025 (Total Assure).
- 5,010 U.S. incidents in the first 10 months of 2025 a 50% increase from 2024 (Cyble).
- 85% of attacks go unreported (BlackFog).
- Median ransom payment: $267,500 (Palo Alto Networks 2025).
- Average ransom payment: $1 million (Sophos 2025), down from $2 million in 2024.
- Average insurance claim: $292,000 (Coalition 2025), a 7% decrease from 2024.
### Notable 2024–2025 Ransomware Attacks
- PowerSchool (Dec. 2024) – Exposed data of 62M students and 9.5M teachers across North America.
- Yale New Haven Health (Mar. 2025) – Compromised 5.6M patient records; settled a class-action lawsuit for $18M.
- NASCAR (Apr. 2025) – Medusa ransomware gang stole 1TB of data and demanded $4M.
- DaVita (Apr. 2025) – 2.7M patients’ health data exposed by Interlock ransomware.
- Marks & Spencer (May 2025) – Pay2Key ransomware disrupted operations, contributing to a 90% profit drop.
- Ingram Micro (Jul. 2025) – SafePay ransomware caused service disruptions and revenue losses.
- Change Healthcare (2024) – Initially reported 100M+ victims; revised to 193M by mid-2025.
- LoanDepot (2024) – Attack disrupted loan services for 16.6M customers.
- MGM Resorts & Caesars Entertainment (2023) – High-profile attacks crippled Las Vegas casino operations.
### Future Ransomware Predictions
- AI-Powered Automation – Attacks will become faster, more persistent, and harder to detect (Trend Micro).
- Voice-Based Vishing – AI-generated calls will rise as a social engineering tactic (Zscaler).
- Encryption-Free Extortion – More groups will skip encryption, relying solely on data theft threats (SentinelOne).
- GenAI-Enhanced Phishing – AI will enable more convincing, large-scale phishing campaigns.
Ransomware shows no signs of slowing, with attackers leveraging AI, supply chain vulnerabilities, and multi-layered extortion to escalate both frequency and impact.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2024
820
Breach
01 Feb 2024 • CHL
Oracle Health, BST & Co. CPAs LLP and Change Healthcare: HIPAA at 21 Years of Compliance: Why the Security Rule May Be Entering a More Prescriptive Era
HIPAA Security Rule Compliance Gaps and Enforcement Trends (2024-2026)
703
CRITICAL-117
CHABSTORA1777538345
HIPAA Security Rule at 21: Key Lessons from Two Decades of Enforcement and Evolving Threats
April 2026 marks 21 years since the HIPAA Security Rule’s compliance deadline, a milestone coinciding with rising cyberthreats, regulatory scrutiny, and the first major modernization effort in over two decades. As healthcare remains the most targeted industry for privacy and security incidents accounting for the highest percentage of breaches in BakerHostetler’s 2026 Data Security Incident Response Report (DSIR) the rule’s enduring relevance is underscored by persistent compliance gaps and escalating enforcement.
### Core Challenges and Enforcement Trends
The Office for Civil Rights (OCR) has intensified its focus on security risk analysis, a foundational requirement frequently cited in investigations. A recent settlement with business associate BST & Co. CPAs LLP which failed to conduct a proper risk analysis before a ransomware attack resulted in a $175,000 penalty and a two-year corrective action plan. OCR’s Risk Analysis Initiative has led to increased penalties for organizations lacking thorough, enterprise-wide assessments.
Business associates have emerged as a critical vulnerability, responsible for 35% of healthcare incidents in 2025. High-profile breaches, including the Change Healthcare ransomware attack (exposing 192.7 million records) and incidents at Conduent, Episource, and Oracle Health, highlight the risks of third-party access. OCR’s enforcement against business associates surged in 2025, with seven resolution agreements issued between November 2024 and December 2025.
### Operational and Technical Gaps
Despite advances in cybersecurity tools, human error and workforce behavior remain leading causes of breaches. Phishing accounted for 30% of incidents in 2025, while social engineering and unintended disclosures contributed another 16%. OCR’s emphasis on ongoing, role-specific training reflects the need to address evolving threats, including AI-driven attacks that enhance phishing and social engineering tactics.
Encryption has effectively become a baseline expectation, with OCR settlements frequently citing unencrypted devices as a factor in breach severity. Meanwhile, incident response plans must be operational organizations with tested protocols contained breaches faster (average zero days from discovery to containment) and reduced notification timelines (average 59 days from discovery to reporting).
### Regulatory and Operational Pressures
The 2025 healthcare cybersecurity landscape was defined by heightened scrutiny, with state attorneys general (AGs) launching parallel investigations alongside OCR. Ransomware attacks disrupted patient care, with an average 12.7-day restoration period and ransom demands exceeding $18 million (though average payments were $1.15 million). The DSIR notes that dwell time the period between compromise and detection has shortened, forcing organizations to prioritize rapid detection and response over prevention alone.
### The Path Forward
As the Security Rule undergoes potential modernization, healthcare organizations face three critical priorities:
1. Risk Analysis and Management – Conducting comprehensive, enterprise-wide assessments and translating findings into actionable safeguards.
2. Vendor Oversight – Treating business associate risk as enterprise risk, with rigorous due diligence and contractual controls.
3. Operational Resilience – Ensuring incident response plans, workforce training, and encryption practices are tested, documented, and defensible.
The past 21 years have demonstrated that compliance is not a one-time project but an ongoing process one that demands adaptability as threats, technology, and regulatory expectations evolve. With enforcement expectations rising, organizations that invest in governance, documentation, and proactive risk management will be best positioned to navigate the next phase of HIPAA’s evolution.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CHL ??
What was CHL's A.I Rankiteo Cyber Score in June 2026 ??
What was CHL's A.I Rankiteo Cyber Score in May 2026 ??
What was CHL's A.I Rankiteo Cyber Score in April 2026 ??
What was CHL's A.I Rankiteo Cyber Score in March 2026 ??
What was CHL's A.I Rankiteo Cyber Score in February 2026 ??
What was CHL's A.I Rankiteo Cyber Score in January 2026 ??
What was CHL's A.I Rankiteo Cyber Score in December 2025 ??
What was CHL's A.I Rankiteo Cyber Score in November 2025 ??
What was CHL's A.I Rankiteo Cyber Score in October 2025 ??
What was CHL's A.I Rankiteo Cyber Score in September 2025 ??
What was CHL's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CHL's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CHL ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CHL's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?