After Change Healthcare, more effort needed to avoid cyberattack chain reactions
The knock-on effects of the seismic Change Healthcare cyberattack continue with affected providers hamstrung in their ability to file claims with payers. Prescriptions and drug treatments are postponed for the patients who need them. Prior authorizations are stuck, and clinicians aren't able to share patient data that's been disconnected. There are many stories of practice managers moving back to paper for claims processing. And healthcare organizations of all shapes and sizes are losing revenue by the day.
While Change Healthcare may not be the first cyberattack to cause a massive chain reaction, it's certainly one of the biggest and most consequential, given its centrality in processing some 15 million claims across the healthcare ecosystem each year.
The attack, presumed to be the work of ALPHV and its BlackCat ransomware, first affected pharmacies and access to drug treatments nationwide when Change disconnected its systems. However, healthcare organizations are now straining to operate with the disruption to cash flow, and providers are calling the government response thus far inadequate.
Other attacks have shown that third-party tools and services pose significant risks to the critical healthcare delivery sector, and managing those risks is a heavy lift for even the most well-resourced healthcare IT teams.
Last year's attack on MOVEit software hit like a slow burn, releasing new flares as time went on.
On February 1, 2023, Fortra warned customers like Community Health Systems, one of the largest publicly traded hospital systems in the country, about a zero-day remote code injection exploit in its GoAnywhere managed file-transfer platform. Federal agencies then warned the healthcare sector and others about the vulnerability in June.
Meanwhile, thousands of organizations and millions of people worldwide have wound up on the MOVEit hack victims list with each new announcement, like Nuance's in September, and the Clop ransomware group claimed responsibility for the attacks.
The effects of the attack two weeks ago on Change Healthcare, owned by UnitedHealth Group's Optum, represent a formidable assault, says Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance.
Healthcare IT News asked Steinhauer about the magnitude of the Change Healthcare breach, what it means for healthcare organizations going forward – and what can be done to protect against similar attacks and their aftereffects in the future.
Q. What makes this attack different in size and scope? Did the hackers know it would be this crippling and widespread when they chose Change?
A. This attack stands out due to its potential magnitude and the critical nature of the healthcare infrastructure it targets.
Change Healthcare's prominence within the healthcare sector suggests that the hackers behind the attack may have strategically selected it for its extensive network and far-reaching influence. While the precise intentions of the hackers remain unclear, the scale of the disruption indicates a sophisticated and well-planned assault.
Whether the hackers fully anticipated the widespread ramifications of their actions is uncertain, but the severity of the attack underscores the importance of robust cybersecurity measures in safeguarding against such threats.
Q. How does this attack compare to the MOVEit transfer cyberattack in 2023, which affected more than 2,000 companies and 62 million-plus people? Do we know how many organizations and people have been affected thus far by the Change Healthcare ransomware attack?
A. Drawing parallels between the current attack and the MOVEit transfer cyberattack of 2023 highlights similarities in potential scope and consequences. However, without precise details on the scale of the Change Healthcare ransomware attack, making a direct comparison is challenging.
While the MOVEit incident affected thousands of companies and millions of individuals, the exact number of organizations and people impacted by the Change Healthcare attack remains undisclosed.
This lack of information contributes to the uncertainty surrounding the extent of the attack's impact and underscores the need for transparency in reporting cyber incidents to better understand their implications.
Q. What lessons can be learned, and what should hospitals, practices and pharmacies do to minimize the fallout and be better prepared going forward?
A. One of the key takeaways from such cyber incidents is the critical importance of robust cybersecurity measures within the healthcare sector.
Hospitals, practices and pharmacies must prioritize investments in cybersecurity infrastructure, including regular data backups, comprehensive employee training on cybersecurity best practices and the implementation of multilayered defense mechanisms to mitigate cyber threats effectively.
Additionally, developing and regularly updating incident response plans is crucial to minimize fallout and ensure swift recovery in the event of an attack. Collaborative efforts among healthcare organizations, government agencies and cybersecurity experts are essential to bolstering resilience against evolving cyber threats.
Q. There have been reports that patient care is suffering because some practices and organizations are struggling to execute workarounds. What should organizations do to ensure that they can safely complete transactions?
A. The reports highlighting the adverse impact on patient care due to operational disruptions stress the urgent need for healthcare organizations to establish resilient contingency plans.
In addition to prioritizing secure communication channels and strict authentication measures, it's imperative for organizations to incorporate robust business continuity plans. These plans should outline strategies for maintaining critical services in the event of extended outages of essential systems, ensuring uninterrupted patient care.
Continuous monitoring of systems and networks, coupled with proactive mitigation efforts, plays a pivotal role in safeguarding patient data and sustaining operational continuity during such challenging times. Furthermore, fostering a culture of cybersecurity awareness among staff members and conducting regular security audits are vital components in bolstering an organization's ability to safely execute transactions and protect patient care amidst operational disruptions.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.