Health Tech Giant Change Healthcare Falls Victim to Cyberattack

A major cybersecurity breach by the ALPHV ransomware group impacted several major services

PUBLISHED MAR 1, 2024

Cover Image Source: Major US Health Tech Firm Change Healthcare Suffers Cyberattack | Getty Images | Photo by Justin Sullivan

In a significant blow to the US healthcare sector, a prominent health tech company, Change Healthcare, has fallen victim to a cyberattack, causing widespread disruption in patient services, billing processes, and security concerns. The attack, initiated by the ransomware group ALPHV, has raised alarms across the healthcare industry. Change Healthcare, owned by UnitedHealth Group is responsible for managing health tech pipelines and processing a staggering 14 billion transactions annually. The incident has impacted billing and care authorization portals nationwide, prompting concerns about the compromised security of patients' information. The company, in a statement, assured that patient care remains its top priority and that multiple workarounds are in place to ensure continued access to medications and necessary care.

A physician assistant of family medicine, wears a stethoscope during an examination | Getty Images | Photo by Joe Raedle — Cyberattack Hits Change Healthcare | Getty Images | Photo by Joe Raedle

The immediate fallout of the cyberattack is evident in delays in prescription services, affecting numerous pharmacies across the country. American Hospital Association spokesperson Ben Teicher noted that most affected pharmacies are resorting to manual processes, like writing things down, to cope with the disruption. However, the true extent of the situation is still unfolding, with hospitals facing challenges in processing claims, billing patients, and checking insurance coverage for care.

Change Healthcare's investigation revealed that the ransomware attack not only targeted its systems but also impacted Optum, UnitedHealthcare, and UnitedHealth Group systems. The company did not disclose whether a ransom was paid or negotiations took place with the attackers. The severity of the situation prompts concerns about potential long-term consequences, including the ability of hospitals to make payroll and patients experiencing delays in service approvals.

According to the American Hospital Association, hospitals are grappling with broader issues resulting from the cyberattack, such as difficulties in processing claims, billing patients, and verifying insurance coverage. Bea Grause, president of the Healthcare Association of New York State, reported that health systems are encountering challenges in verifying patient eligibility, communicating pharmacy prescriptions, filing claims, and maintaining normal cash flow to support operations.

Several major healthcare providers, operating across multiple states, refrained from commenting on the incident. Cybersecurity experts have noted a significant increase in ransomware attacks in recent years, particularly targeting the healthcare sector. This incident follows a cyberattack last month on a children's hospital in Chicago, which necessitated the shutdown of phone, email, and medical records systems.

The seal of the F.B.I. hangs in the Flag Room at the bureau's headquaters | Getty Images | Photo by Chip Somodevilla — The seal of the F.B.I. hangs in the Flag Room at the bureau's headquarters | Getty Images | Photo by Chip Somodevilla

The FBI, while acknowledging awareness of the incident, did not confirm or deny an ongoing investigation. Allan Liska, a threat intelligence analyst at Recorded Future, commented on the containment efforts, stating, "As far as we can tell, the attack is being contained." However, concerns persist about the potential prolonged impact on patient care, especially if critical systems remain down for an extended period.

Healthcare cybersecurity has over 540 organizations reporting breaches impacting a staggering 112 million individuals to the HHS Office for Civil Rights (OCR). Among the notable incidents, HCA Healthcare, a major healthcare organization, reported a breach affecting 11.27 million individuals. The unauthorized theft of information used for patient email communications raised concerns, although HCA assured no disruptions to operations or care occurred.

Perry Johnson & Associates (PJ&A), a medical transcription service, disclosed an impactful breach in May, affecting 8.95 million individuals. The unauthorized access to PJ&A's systems potentially exposed sensitive health information, leading to repercussions for healthcare organizations like Cook County Health and Northwell Health. Managed Care of North America (MCNA), a dental benefits administrator, faced a significant data breach impacting 8.86 million individuals. The breach, attributed to the LockBit ransomware group, highlighted the vulnerability of healthcare organizations to malicious attacks. Amidst these breaches, the recent cyberattack on UnitedHealth Group's subsidiary, Change Healthcare, adds another layer of concern.