Change Healthcare Cyberattack: What We Know

The cyberattack on Change Healthcare has sent shockwaves through the healthcare industry, disrupting operations for pharmacies, providers, and patients. In this blog, we discuss the impact of the cyberattack as well as the drama surrounding it.

by | Mar 28, 2024 | Tech Insights

Managed IT Services
A recent cyberattack on Change Healthcare, a unit of UnitedHealth Group’s Optum, has dealt a staggering blow to the U.S. healthcare system. The attack has reverberated across the industry, causing major disruptions for pharmacies, providers, and patients alike, marking it as one of the most significant incidents in the history of U.S. healthcare cybersecurity.

Impact on the Healthcare Industry

Change Healthcare, the targeted company, processes over 14 billion clinical, financial, and operational transactions annually. The attack, which occurred on February 21, has left healthcare providers struggling to recover, with communication systems down and electronic billing systems offline. As a result, providers are resorting to paper claims, leading to delays in payments and significant financial burdens on both providers and patients.

Patients are facing challenges in accessing vital prescriptions, as pharmacies are unable to bill insurance plans. Many people have resorted to paying out of pocket for essential medications, underscoring the immediate impact of the cyberattack on healthcare access and affordability.

The financial repercussions of the attack are staggering, with some hospitals reporting a revenue impact exceeding $1 million per day. The attack has not only exposed vulnerabilities in the healthcare system’s cybersecurity infrastructure but also highlighted the financial risks associated with cyber incidents in the healthcare industry.

Recovery Efforts

In response to the attack, Change Healthcare aims to restore its clinical exchange service, payer connectivity, and hosted payer services by the week of April 1. Additionally, the company plans to restore its Risk Manager and Health QX products by April 8, signaling a concerted effort to recover from the attack and mitigate its impact on the healthcare ecosystem.

Ransomware Payment Drama

The aftermath of the cyberattack on Change Healthcare has been marked by a dramatic twist involving the ransom payment. On March 1, a Bitcoin address linked to AlphV received 350 bitcoins, equivalent to approximately $22 million at the time. However, two days later, an individual claiming to be an affiliate of AlphV posted on the cybercriminal forum RAMP, alleging that AlphV had cheated them out of their share of the ransom.

The affiliate, known as “notchy,” accused AlphV of keeping the entire $22 million ransom from Change Healthcare, instead of sharing the profits as agreed upon. Notchy’s disclosure revealed that during their infiltration of Change Healthcare’s network, they also gained access to data from several other healthcare firms partnered with the company. Particularly impactful was their claim to have breached Teachers Health Trust, the insurance provider for CCSD’s teachers. This development raises concerns about potential additional demands for payment or independent data leaks by the affiliate, even if Change Healthcare did pay the ransom. This incident underscores the volatile nature of ransomware attacks and the complex web of actors involved in such cybercrimes.

Lessons Learned and Future Considerations

As the healthcare industry grapples with the fallout from the Change Healthcare cyberattack, it serves as a stark reminder of the critical importance of cybersecurity in safeguarding patient data, ensuring continuity of care, and protecting the financial integrity of healthcare providers. The incident underscores the need for robust cybersecurity measures, including regular security audits, employee training, and investment in advanced threat detection and response capabilities, to defend against increasingly sophisticated cyber threats.

The cyberattack on Change Healthcare has highlighted the dangerous precedent that could be set by paying a ransom. If the reported $22 million ransom was indeed paid, it not only represents a massive payday for the hackers but also sets a dangerous precedent for the healthcare industry. Each ransomware payment fuels future attacks by the group responsible and encourages other cybercriminals to follow suit. The potential for large financial gains could incentivize repeated attacks on healthcare organizations, leading to a cycle of extortion and disruption that threatens patient care and data security.

To protect patient data and ensure uninterrupted care, healthcare organizations must prioritize cybersecurity in the face of evolving cyber threats.