The Change Healthcare Outage: What to Know and What to Do

It’s what every healthcare provider fears: a devastating cyberattack that threatens to release the information of countless patients. You may have heard of the Change Healthcare Outage, a Blackcat ransomware attack in which a group claimed to have stolen 6TB of data. The attack reportedly affected health care authorization portals, leading to a range of issues:

  • Prescription backlogs
  • Missed revenue for providers
  • Threats to worker paychecks and patient care

The attack was powerful enough to prompt calls for action from leading politicians, like Senate Majority Leader Chuck Schumer of New York. In March, Dr. Jesse Ehrenfeld, president of the American Medical Association, issued a statement calling it “an immense crisis demanding immediate attention.” Otherwise, warned Ehrenfeld, there could be “wide-ranging repercussions” to physician practices nationwide.

What exactly does this attack look like, and what do you need to know to help protect your data?

The Change Healthcare Outage: What You Need to Know

The attack was discovered in late February 2024, with UnitedHealth Group noting, “we discovered a threat actor gained access to one of our Change Healthcare environments.” Once they noticed the issue, they took immediate action to disconnect Change Healthcare’s systems, hopefully preventing further damage.

But a great deal of damage had already been done. The revenue cycle is most impacted: many physician practices were unable to submit claims, and some still cannot, according to the AMA. The fallout of the attack interrupted administrative and billing processes. Additionally, many practices are scrambling.

Imagine a $5 billion hospital system that has trouble submitting claims—unable, in some cases, to get paid for three weeks. That could represent hundreds of millions of dollars of lost revenue. And it’s money they can’t pay out to staff, suppliers, or partners. It becomes more than just a data breach. It threatens the stability of our healthcare system.

Some hospitals are using workarounds to get payments flowing. But the last several weeks have been so difficult for hospitals that they’re not likely to forget the lessons anytime soon:

  • Vulnerability: Many people are realizing just how vulnerable healthcare organizations are. If this is the fallout from one targeted attack on a healthcare provider, what might it mean if there are attacks in the future even larger in scale? In particular, hospitals unable to pay staff and partners have seen how quickly the money flow can dry up in these situations.
  • Increased investment: Expect hospitals and healthcare systems to start demanding more—more cybersecurity, more resilience, and more action plans on paper for the future. This will take time and money as more investment moves to cybersecurity.
  • Embracing new technology: For most organizations, their current cybersecurity infrastructure has holes. Healthcare is behind most industries when it comes to security technology; however, statistics show it is also one of the most targeted industries. Security tools are evolving, with most solutions now utilizing AI, and healthcare MUST keep up. If the “bad actors” are using AI, the “good guys” must utilize the technology as well to stay ahead of threats.

How can organizations implement a plan that works for them and avoid security lapses in the meantime? The NIST Cybersecurity Framework is often a good place to start.

Next Steps: Creating a Plan of Attack in Dealing with Ransomware

The NIST cybersecurity framework simplifies technology planning and implementation, with suggestions to guide your security journey.

Identify: The first step is the awareness phase. You’ll need to compile a list of all software, data, equipment, and even point-of-sale devices with access to your healthcare data. Laptops and smartphones would fall under this category, as well.

Organizations must now go beyond identification to policy with two key areas:

  • What are the roles and responsibilities of everyone in the organization: employees, vendors, or anyone with access to key data? What can they access, and how often are you checking this access?
  • Future steps you’ll want to take if a ransomware attack occurs, including handling fallout from the damage.

Protect: There are multiple steps to protect your data once you’ve established what it is and where it’s accessed. You can control who can log onto your network, for example. You should also take steps to include the following:

  • Regular backing up of data (including an air-gapped copy that is not connected)
  • Updating security software, or turning on “automated” features for software updates
  • Instituting written policies for getting rid of old devices and electronic files in a way that won’t compromise your security
  • Ongoing training to ensure that everyone knows both how to implement cybersecurity—and why it’s so important

Detect: Now we’re moving into the stage of the framework in which you’re taking daily action—or at least the tools at your disposal are doing so. Detection is about continual monitoring of devices, networks and infrastructure for unauthorized access.

Remember when we mentioned that tools can seamlessly fit into this framework? For example, consider a platform tool like Darktrace or Fortinet, specific point products like Abnormal Software or Microsoft Defender for email security, and even Palo Alto for medical device security. These security companies are at the forefront of using AI in cybersecurity for the detection and prevention of threats. This technology can often “learn” and create a better “understanding” of your organization, producing better alerts for unusual activity on the network or by staff. This automation can help your team focus on specific security needs while it does the majority of the work in the background.

Respond: Ideally, the first three steps of the framework should be all you need. But in the case of a cyberattack, you’ll need a plan in place for response including:

  • Investigating and diagnosing the attack so you can contain it as soon as possible
  • Keeping your business operations up and running, which, as we saw in the wake of the Change Healthcare Attacks, can be a major problem even at massive hospital systems
  • Notifying any relevant employees, vendors, patients, etc.

The Change Healthcare Outage is just the latest reminder that a strong cybersecurity framework in healthcare is key to patient care and the overall survival of the industry. These periodic reminders are the ideal times to update your approach to cybersecurity using better framework approaches—and better tools. Contact Comport for a security assessment today.
