Change Healthcare Forced to Cut IT Systems Following Cyber Attack

Published on
27/02/2024 03:10 PM
Change healthcare cyber attack

A cyber attack on Change Healthcare has impacted over 100 services including dental, pharmacy, medical records, clinical, patient engagement, revenue, and payment services.

The company confirmed the cyber attack on Wednesday morning by updating the status page on its website with a statement on the incident. 

“Change Healthcare is experiencing a network interruption related to a cyber security issue and our experts are working to address the matter," reads the statement.

"Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact. The disruption is expected to last at least through the day."

Change Healthcare, headquartered in Nashville, Tennessee, connects payors, providers, and patients through its extensive network and platform. They offer services ranging from revenue & payment cycle management to advanced analytics, ultimately aiming to streamline healthcare and improve patient outcomes.

Change Healthcare Cyber Attack Hits 1 in 3 US Patients

impact change healthcare cyber attack

The company has not yet disclosed the nature of the attack or the extent of the damage though there is speculation of ransomware based on their response of disconnecting affected systems as this is the typical response to such an attack. 

Read: Biggest Cyber Attacks in History

The healthcare giant states that it handles over 15 billion healthcare transactions annually and that one in three US patient records are “touched by [their] clinical connectivity solutions.” 

Change Healthcare’s responsibility for this monumental amount of information makes it a key target for malicious actors. The sensitivity of health data makes it of high value to cybercriminals. Confidential information can be sold by hackers quickly - and for a high price, or companies can be extorted for its safe return. Stolen information can also be ideal for stealing money through tactics like fraudulent billing.

Who was behind the Change Healthcare cyber attack?

The BlackCat ransomware gang initially claimed responsibility for the attack through a website typically used by such groups. However, the validity of this claim has not yet been verified.

UnitedHealth Group, the parent company of Optum, a major Change Healthcare client, suspected a "suspected nation-state associated cybersecurity threat actor" might be behind the attack. They identified the actor on February 21st, 2024. Nation-state actors are governments targeting other countries for various reasons, including espionage or disrupting critical infrastructure.

A recent example of this was the attack on the Ukrainian mobile network operation Kyivstar, which saw Russia-backed hackers disrupt one phone line for millions of people across the country. Kyivstar’s CEO Oleksandr Komarov said the attack was a result of Ukraine’s war with Russia at the time. 

But the possibility of two different actors being involved, or the information from either source being inaccurate, cannot be ruled out completely.

What is the impact of the Change Healthcare cyberattack?

The disruption caused by the cyberattack has had a significant impact on the healthcare system, with some pharmacies being unable to process prescriptions.

Previous cyber attacks on healthcare institutions have been devastating. Just last week, the French medical payment systems Viamedis and Almerys were targeted in a ransomware attack that exposed half of the French population's data

The UK's NHS was also targeted in 2022. In that attack, medical staff were forced to keep patient details on scraps of paper for several months as the attack shut down the service's IT systems. 

Scheurer Health is one of the companies using Change Healthcare that due to a "nationwide outage from the largest prescription processor in North America" was "unable to process prescriptions," later clarifying that patients had the option to pay with cash/credit card if it there was an immediate need.

 Erfan Shadabi, Cybersecurity Expert at comforte AG, believes the cyber attack on Change Healthcare should be a wake-up call for organizations to develop and implement cyber incident response plans, enabling swift action and minimizing damage during a breach. 

"In light of the Change Healthcare cybersecurity incidents, it's imperative for organizations to prioritize the development and implementation of robust cyber incident response plans. These plans serve as critical frameworks for swift and effective action in the event of a breach, minimizing the potential damage and ensuring business continuity," Shadabi told EM360Tech. 

Furthermore, organizations must recognize the importance of investing in data-centric security measures, such as tokenization, to safeguard sensitive information effectively. Tokenization replaces sensitive data with unique tokens, rendering it meaningless to unauthorized users. By adopting such data-centric approaches, even in the event of a breach, organizations can ensure that their data remains secure and protected from exploitation.

"In today's rapidly evolving threat landscape, proactive measures like cyber incident response planning and data-centric security are vital. By integrating these practices into their cybersecurity strategies, organizations can mitigate risks, protect valuable assets, and maintain trust with stakeholders," Erfan Shadabi commented.

The Change Healthcare cyber attack serves as a stark reminder of the vulnerabilities within the healthcare system handling sensitive patient data and the importance of robust cybersecurity measures.

Organizations need to invest in developing and implementing comprehensive response plans, prioritize data security solutions, and remain vigilant against evolving cyber threats. 

Join 34,209 IT professionals who already have a head start

Network with the biggest names in IT and gain instant access to all of our exclusive content for free.

Get Started Now