In a significant cyber security breach that has sent ripples across the U.S. healthcare industry, Change Healthcare’s systems have been down for the seventh consecutive day following a cyber attack by a “suspected nation-state-associated” threat actor. This incident, disclosed by United Health Group, the parent company of Change Healthcare, has severely impacted pharmacies and health systems nationwide, prompting the implementation of electronic and offline workaround solutions to mitigate the effects on operations.
Also Read- Louisiana Murder Suspect Captured in New Orleans Hotel After Daring Escape
The Breach and Immediate Response
United Health Group revealed the cyber intrusion into Change Healthcare’s IT network in a U.S. Securities and Exchange Commission filing, stating that the attack was detected last Wednesday. The company acted swiftly, isolating and disconnecting the affected systems to prevent further damage. Despite the rapid response, the breach has caused widespread disruption, affecting tools essential for payment and revenue cycle management in the healthcare sector.
Nationwide Impact and Workarounds
The fallout from the cyber attack has been profound, with operations at pharmacies and health systems across the country being disrupted. To cope with the situation, United Health reported that over 90% of the nation’s pharmacies have implemented modified electronic claims processing workarounds, while the remaining facilities have resorted to offline systems. Thankfully, provider cash flows have not yet been affected, as payments are typically processed one to two weeks after submission.
United Health’s Efforts and Partnerships
Change Healthcare, a crucial provider of healthcare payment and management tools, merged with Op tum, a United Health Group company, in 2022. United Health has reassured the public that the systems of Op tum, United Healthcare, and United Health Group itself were not compromised in the attack. The company has been collaborating with external partners like Palo Alto Networks and Google Cloud’s Mandiant to thoroughly assess and address the breach.
Also Read- Toyota Recalls Over 380,000 Tacoma Trucks Due to Rear Axle Issue
The Larger Context of Healthcare Cyber security
This incident is a stark reminder of the growing threat of cyber crime in the healthcare sector, with 2023 marking a grim record of 725 large healthcare security breaches. The attractiveness of health data to cyber criminals lies in its high value for crimes such as identity theft and healthcare fraud. The breach at Change Healthcare underscores the urgency for healthcare organizations to bolster their cyber security measures to protect sensitive data and maintain operational continuity.
Responses from Other Healthcare Entities
CVS Health and Walgreens, two of the largest pharmacy chains in the U.S., have also felt the impact of the cyber attack. CVS Health reported disruptions in its business operations due to the inability to process insurance claims in some cases. Walgreens, however, stated that its pharmacy operations and the majority of its prescription processing were not significantly affected, thanks to established contingency procedures.
Also Read-San Francisco Issues Formal Apology to African Americans as a Step Towards Reparations
The Human Impact
For individuals like Cary Braze man, the cyber attack has translated into tangible difficulties in accessing necessary medications. The disruptions have forced patients and healthcare providers to seek alternative solutions, such as obtaining paper prescriptions or paying out of pocket, underscoring the critical need for robust and resilient healthcare IT systems.
Looking Forward
The cyber attack on Change Healthcare serves as a wake-up call for the healthcare industry, highlighting the necessity of investing in comprehensive cyber security strategies and fostering a culture of vigilance among all stakeholders. As healthcare continues to rely more heavily on digital technologies, the sector must prioritize defenses against cyber threats to ensure the safety and well-being of patients nationwide. The collaboration between government entities and private organizations in addressing and mitigating cyber threats is crucial in safeguarding the healthcare ecosystem against future attacks.
