Understanding the Change Healthcare Cyberattack: Lessons Learned and Moving Forward

On February 21, 2024, the healthcare sector witnessed one of the most disruptive cyberattacks in history when Change Healthcare, a subsidiary of UnitedHealth Group, fell victim to a large-scale ransomware attack. This attack not only compromised sensitive patient data but also brought essential medical services to a halt, impacting millions of healthcare providers and patients across the United States.

Summary of the Cyberattack:

Change Healthcare, a vital platform for managing health insurance billing and payments that touches 1 out of every 3 medical records in the US, was infiltrated by the BlackCat ransomware group, also known as ALPHV. The attackers gained unauthorized access to Change’s network through compromised credentials on a remote access application. Multifactor authentication was not enabled on this particular application, leaving a vulnerability exploitable by cybercriminals. This scenario highlights how vital it is for all organizations to maintain visibility into potentially breached credentials and to audit all security controls periodically to avoid exceptions such as this one.

In an address to Congress on May 1st, the CEO of UnitedHealth Group, Andrew Witty, confirmed that the attackers were in the system for 9 days before deploying ransomware. The ransomware encrypted sensitive data and disrupted essential operations across Change Healthcare’s system. As a result, over 100 services were shut down, causing significant financial losses for healthcare providers who rely on Change’s services for billing, prescription management, and claims processing. The attack also led to operational challenges, with smaller providers bearing the brunt of the impact, including potential closures and financial hardships.

Response and Fallout:

In response to the attack, Change Healthcare took immediate action to disconnect affected services and mitigate further damage. However, the fallout from the cyberattack was extensive, with healthcare organizations struggling to maintain operations and provide essential care to patients. UnitedHealth Group, the parent company of Change Healthcare, confirmed the payment of a ransom, reportedly around $22 million, to the attackers to restore access to encrypted data.

Despite efforts to restore services and provide financial assistance to affected providers, the long-term implications of the cyberattack remain uncertain. Many healthcare entities, especially smaller providers and rural hospitals, continue to face challenges in recovering from the attack and ensuring the continuity of care for their patients.

Lessons Learned and Moving Forward:

The Change Healthcare cyberattack highlights the critical need for proactive cybersecurity measures and robust incident response plans in the healthcare sector. Organizations must prioritize the protection of sensitive data, implement multifactor authentication, and regularly update security protocols to prevent future attacks.

Additionally, there is a pressing need for comprehensive business impact analyses (BIAs) to identify mission-critical systems and develop contingency plans for mitigating the impact of cyber incidents. BIAs can help healthcare entities assess their vulnerabilities, prioritize remediation efforts, and ensure the resilience of their operations in the face of cyber threats.

Convergence Networks: Leading the Way in Cybersecurity Solutions

At Convergence Networks, we understand the importance of proactive cybersecurity measures and effective incident response planning in safeguarding healthcare organizations against cyber threats. Our team of experienced professionals specializes in managed IT services and IT support, with a security-first mindset. This means we offer tailored solutions to our clients to protect against ransomware attacks, data breaches, and other cybersecurity risks. In addition, we have experienced and credentialed security experts who can help ensure security is appropriately balanced with operations to keep the organization running smoothly.

We work closely with our clients to assess their security posture, identify vulnerabilities, and implement robust security measures to mitigate risks effectively. From implementing multifactor authentication to conducting thorough business impact analyses, we empower healthcare organizations to strengthen their cybersecurity defenses and safeguard sensitive patient data.

Moving forward, Convergence Networks remains committed to helping organizations navigate the evolving threat landscape and mitigate the risk of cyberattacks. The Change Healthcare cyberattack serves as a reminder of the growing threat posed by cybercriminals to the healthcare sector. As organizations grapple with the aftermath of this unprecedented attack, it is essential to learn from the incident, implement proactive cybersecurity measures, and prioritize the protection of sensitive patient data. Contact us today to learn how we can assist you in strengthening your cybersecurity defenses.

Sources: Laporte, SCMagazine, UnitedHealth Group, WSJ Pro, Healthcare Exec Intelligence

