A suspected nation-state threat actor launched a cyberattack on Change Healthcare, a technology services provider for pharmacies, leading to widespread delays for patients seeking prescription refills in the US. This cyber incident, which is believed to be limited to Change Healthcare and has not affected other UnitedHealth entities, began on Feb. 20 and is expected to last until Friday, Feb. 23, as per the company’s predictions.
United HealthCare filed a required 8-K disclosure of the material cyber incident on Feb. 22, stating that Change Healthcare had its systems breached by the suspected nation-state actor, resulting in temporary access until the systems were taken offline.
According to the HIPAA Journal, Change Healthcare manages 15 billion healthcare transactions annually and supports approximately one-third of US patients through its connectivity solutions. Consequently, the company’s systems being pulled offline has triggered widespread delays at pharmacies across the US, prompting retailers to request that customers wait an extra day to refill their medications, if possible, according to reports.
The fallout from this cyberattack may not be limited to service delays, as it could also have exposed patient data. Nick Tausek, a leak security automation architect at Swimlane, highlighted the potential implications of the attack on patient data and sensitive information. He emphasized that Change Healthcare deals with patient payments across the healthcare sector and has access to medical records, underscoring the real-world impact of cyberattacks on human health.
The healthcare sector as a whole is particularly susceptible to cyberattacks and breaches due to its reliance on third-party data management processors like Change Healthcare. The recent acquisition of Change Healthcare by UnitedHealth Group in 2022 may have also made its systems a prime target for threat actors. Tausek pointed out that the period during and following mergers and acquisitions can be vulnerable to attacks, especially with advanced attackers taking advantage of internal upheaval caused by efforts to integrate systems, streamline operations, and increase efficiency.
Javvad Malik, lead security awareness advocate at KnowBe4, stressed the need for the healthcare industry to proactively strengthen its cybersecurity posture in light of this incident. He emphasized that the healthcare sector continues to be a prime target for cybercriminals, making it crucial for healthcare providers to not only react effectively to threats but also work proactively to fortify their systems against future attacks. As the incident serves as a stark reminder of the ever-present threats facing the healthcare sector, healthcare organizations should prioritize enhancing their security measures.
In conclusion, the cyberattack on Change Healthcare has not only resulted in widespread service disruptions at pharmacies but has also raised concerns about the exposure of patient data. It underscores the vulnerability of the healthcare sector to cyber threats and the need for proactive measures to safeguard sensitive information and ensure the continuity of critical healthcare services.