Major healthcare technology vendor Change Healthcare suffered a cyberattack on February 21st that has caused significant disruption across the U.S. healthcare system. Change Healthcare provides critical connectivity and data sharing solutions to hospitals, pharmacies, and health insurance companies. The attack forced the company to take its systems offline, severely hampering operations for its clients and partners.
The impacts of the attack have been far-reaching. Military hospitals and clinics served by Tricare have experienced major delays and disruptions. Up to 67,000 retail pharmacies have faced issues processing prescriptions and insurance claims. And up to 129 million patients may have had their records touched by Change Healthcare’s systems, raising questions about potential privacy violations.
UnitedHealth Group, Change Healthcare’s parent company, disclosed in an SEC filing that the attack is suspected to have been conducted by a nation-state actor rather than a criminal group. This raises alarming concerns about state-sponsored assaults on healthcare infrastructure. The American Hospital Association warned members to disconnect Change Healthcare systems as a safety precaution until the threat is remediated.
The Change Healthcare incident underscores growing cyber threats to the healthcare industry, which houses incredibly sensitive patient data. Providers are bound by HIPAA laws to safeguard health data and report breaches. Investigations will determine if Change Healthcare failed to adequately secure its systems. Regardless, the event shows glaring vulnerabilities in technologies meant to make healthcare operations more efficient. Steps must be taken across healthcare to boost cyber resilience and response plans when inevitable attacks occur. That is the solemn reality we face today.