Hack on Change Healthcare

By: Patrick McGroarty, Clinical Business Analyst

In recent weeks, the healthcare community has faced a sudden cyberattack targeted at Change Healthcare. Change Healthcare is an entity of UnitedHealth responsible for processing billions of healthcare transactions annually between patients, payers, and providers. The business is also responsible for streamlining administrative and financial processes within the healthcare industry such as revenue cycle management, claims processing, and payroll services. In early March, the attack group known as “AlphV” or “BlackCat” gained unauthorized access to Change Healthcare’s networks and infrastructure. The attackers disrupted Change Healthcare’s operations and compromised the security of sensitive patient data. As a result, Change Healthcare has experienced difficulties in processing healthcare transactions, leading to disruptions in payments to healthcare providers and greatly impacting patient care.

In response to this issue, government agencies, such as the Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), have organized methods to assist the affected healthcare providers. Methods such as emergency funding and advance payments are being offered to alleviate cash flow challenges caused by the attack. Additionally, efforts are being made to streamline claims submission processes and deliver uninterrupted care. However, the aftermath of this cyberattack extends beyond immediate financial and operational challenges as the hacker group has now set a dangerous precedent for future ransomware attacks, particularly in the healthcare sector.

So, what may we do to protect our organization and our patients?

First and foremost, we must remain educated in technology. As technology continues to play a vital role in healthcare delivery, ensuring robust cybersecurity protocols remains of the utmost importance. Especially when safeguarding patient data and maintaining the integrity of our systems as we do. SoNE employees can remain educated by paying close attention to the training that is assigned through Knowbe4.com. Knowbe4.com helps our company ensure that SoNE staff understand the importance of cybersecurity so that we may recognize, respond, and react to potential threats. After all, we’re all in this together, and each one of us plays a crucial role in keeping our organization safe.

We may also work to implement practical measures like multi-factor authentication (MFA), keeping our software up to date with the latest security patches, encrypting sensitive data, and developing a robust incident response plan, all essential steps in mitigating risk. This attention to cybersecurity practices and terminology will not only help us at SoNE hold each other more accountable with cybersecurity practices but also safeguards that our third-party vendors meet the organization’s standards as well.

As we work to protect our organization against cyber threats, let’s remember why we’re here in the first place: to provide quality healthcare to our community. By prioritizing cybersecurity, staying communicative, and vigilant against evolving threats, we can uphold our commitment to our patients and guarantee the resilience of our organization in the face of uncertainty. Together, we can take proactive steps today to safeguard our organization’s future, continue providing the care our community relies on, and prevent crises such as the one happening at Change Healthcare from occurring here at SoNE.