After Change Healthcare, more efforts were needed to prevent chain reactions of cyber attacks

The domino effects of Change Healthcare’s seismic cyberattack continue, crippling affected providers’ ability to submit claims to payers. Prescriptions and drug treatments are postponed for the patients who need them. Prior authorizations freeze and physicians cannot share disconnected patient data. There are many stories about practice managers going back to paper for claims processing. And healthcare organizations of all shapes and sizes are losing revenue every day.

While Change Healthcare may not be the first cyberattack to cause a massive chain reaction, it is certainly one of the largest and most consequential given the central role it plays in processing some 15 million claims in the healthcare ecosystem each year.

The attack, believed to be the work of ALPHV and its BlackCat ransomware, first affected pharmacies and access to drug treatments across the country, with Change disconnecting their systems. However, healthcare organizations must now do their best to deal with the disruption to cash flow and calls from healthcare providers The government’s response so far has been inadequate.

Other attacks have shown that third-party tools and services pose significant risks to the critical healthcare industry, which is a heavy burden to manage even for the best-resourced healthcare IT teams.

Last year’s attack on the MOVEit software took hold slowly, releasing new flares as time passed.

On February 1, 2023, Fortra warned customers such as Community Health Systems, one of the nation’s largest publicly traded hospital systems, about a zero-day exploit for injecting remote code into its GoAnywhere-managed file transfer platform. Federal agencies then warned the health care industry and others about the vulnerability in June.

Meanwhile, thousands of organizations and millions of people around the world have found themselves on the MOVEit hack victim list with each new announcement, such as Nuances in September, and the Clop ransomware group claimed responsibility for the attacks.

The fallout from the attack two weeks ago on Change Healthcare, owned by UnitedHealth Group’s Optum, represents a formidable attack, said Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance.

Healthcare IT news asked Steinhauer about the scope of the Change Healthcare breach, what it means for healthcare organizations going forward – and what can be done to protect against similar attacks and their aftermath in the future.

Q. What makes this attack different in size and scope? Did the hackers know it would be so crippling and widespread when they chose Change?

A. This attack is notable for its potential scale and the critical nature of the healthcare infrastructure it targets.

Change Healthcare’s prominent role within the healthcare industry suggests that the hackers behind the attack may have strategically selected the company for its extensive network and far-reaching influence. While the hackers’ precise intentions remain unclear, the scale of the disruption suggests a sophisticated and well-planned attack.

Whether the hackers fully anticipated the widespread consequences of their actions is uncertain, but the severity of the attack underlines the importance of robust cybersecurity measures to protect against such threats.

Q. How does this attack compare to the 2023 MOVEit transfer cyber attack, which affected more than 2,000 companies and over 62 million people? Do we know how many organizations and people have been affected by the Change Healthcare ransomware attack so far?

A. Drawing parallels between the current attack and the 2023 MOVEit transfer cyber attack highlights similarities in potential scale and consequences. However, without precise details on the scale of the Change Healthcare ransomware attack, making a direct comparison is challenging.

While the MOVEit incident affected thousands of companies and millions of individuals, the exact number of organizations and people affected by the Change Healthcare attack remains unknown.

This lack of information adds to the uncertainty about the extent of the attack’s impact and underlines the need for transparency in reporting cyber incidents to better understand their implications.

Q. What lessons can we learn, and what should hospitals, practices and pharmacies do to minimize the impact and be better prepared in the future?

A. One of the key lessons from such cyber incidents is the critical importance of robust cybersecurity measures within healthcare.

Hospitals, practices and pharmacies should prioritize investments in cybersecurity infrastructure, including regular data backups, comprehensive employee training on cybersecurity best practices, and implementation of multi-layered defenses to effectively mitigate cyber threats.

Additionally, developing and regularly updating incident response plans is critical to minimize impact and ensure rapid recovery in the event of an attack. Collaborative efforts between healthcare organizations, government agencies, and cybersecurity experts are essential to increasing resilience against evolving cyber threats.

Q. There are reports that patient care is suffering as some practices and organizations struggle to implement workarounds. What should organizations do to ensure they can complete transactions securely?

A. The reports highlighting the negative impact on patient care due to operational disruptions highlight the urgent need for healthcare organizations to establish resilient contingency plans.

In addition to prioritizing secure communication channels and strict authentication measures, it is imperative for organizations to incorporate robust business continuity plans. These plans should outline strategies for maintaining critical services in the event of extended outage of essential systems, ensuring uninterrupted patient care.

Continuous monitoring of systems and networks, coupled with proactive mitigation efforts, plays a critical role in protecting patient data and maintaining operational continuity during such challenging times. Additionally, fostering a culture of cybersecurity awareness among employees and conducting regular security audits are essential components in strengthening an organization’s ability to securely transact and protect patient care amid operational disruptions.

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.