UnitedHealth, one of America’s largest healthcare companies, recently fell victim to a cyberattack that disrupted its systems for a period of two weeks. The attack targeted Change Healthcare, a payment and prior authorization processing system used by hospitals, physicians’ offices, and pharmacies. As a result, the Department of Health and Human Services (HHS) has stepped in to help healthcare providers find alternative platforms for claim processing.
The cyberattack was carried out by a well-known ransomware group called BlackCat, which has ties to Russia. Although the FBI has been aware of this group and even managed to breach their operations in the past, they have been unable to shut them down completely. BlackCat has previously targeted various healthcare organizations, and this recent attack on Change Healthcare has further highlighted the need for increased vigilance in healthcare security.
According to reports, BlackCat was able to obtain up to six terabytes of data from UnitedHealth and received a ransom payment of $22 million in bitcoin. However, it remains unclear where the bitcoin came from, and UnitedHealth declined to comment on whether they paid the ransom. Despite the attack, UnitedHealth claims that 90% of all claims are still being processed uninterrupted by health providers. The company has made efforts to provide workarounds and temporary solutions to bring back pharmacy, claims, and payment systems online.
While larger healthcare systems with multiple vendors or sufficient financial resources have been able to pivot quickly to other platforms, smaller systems heavily reliant on Change Healthcare have suffered the most. However, even those with backup systems in place are not entirely unaffected by the attack. Aneesh Chopra, former chief technology officer of the United States and current co-founder and president of CareJourney, believes that this incident is possibly the first instance in which an outage at the interoperability layer compromises the performance of a healthcare system.
The cyberattack on UnitedHealth’s subsidiary serves as a wake-up call for the healthcare industry, emphasizing the urgent need for increased vigilance in security measures. As technology continues to play a significant role in healthcare operations, it is crucial for organizations to invest in robust cybersecurity systems and protocols. This incident highlights the vulnerability of healthcare systems to cyber threats and the potential consequences of such attacks on patient care and data security.
In conclusion, the recent cyberattack on UnitedHealth’s subsidiary has shed light on the importance of prioritizing cybersecurity in the healthcare industry. The attack targeted Change Healthcare, a crucial payment and prior authorization processing system, leading to disruptions in healthcare operations. While efforts have been made to mitigate the impact and find alternative platforms, the incident serves as a reminder that healthcare organizations must remain vigilant in protecting their systems and data from cyber threats. With the increasing reliance on technology, investing in robust cybersecurity measures is essential to ensure the integrity and continuity of healthcare services.