When it comes to cybersecurity vulnerabilities, every organization. In fact, over the last several years, major attacks have occurred in a variety of sectors, resulting in some seriously negative outcomes. In some instances, cybersecurity breaches have allowed data to get into the wrong hands, while firms and governments have been held hostage as a result of malicious ransomware attacks. It has now become increasingly evident that healthcare systems are particularly vulnerable in this area. As such, cybersecurity threats in healthcare are on the rise, as demonstrated by a recent attack on a New York state pharmaceutical platform. The events that have followed highlight the impact of cybersecurity attacks on healthcare entities today. And it also stresses the importance of investing in comprehensive cybersecurity protections.
(The latest Beatles song was created with the help of AI–read all about the magic in this Bold story.)
The recent cybersecurity breach was one that affected Change Healthcare, a platform that handles billions of pharmaceutical prescriptions. In its wake, hundreds of pharmacies were unable to verify medication coverage for its customers. This meant that pharmacies or patients might potentially be facing out-of-pocket costs if such coverage was lacking. Notably, this could result in serious harm to many whether it be financial or health-related. This is just one example of the impact of cybersecurity attacks on healthcare could have on our lives. Of course, other negative effects could also occur from such events including exposure of private healthcare data. This is why the cybersecurity threats in healthcare should be taken seriously with effective strategies put into place.
Holding Healthcare Hostage
The most recent major cybersecurity attack making headlines involved one targeting Change Healthcare. Change Healthcare is a division of Optum and owned by United health Group. As a major healthcare management platform, Change Healthcare handles about 15 billion transactions a year involving pharmacy orders. Providers submit prescriptions through platform, and these are then evaluated for insurance coverage. If covered, insurers are billed accordingly, and pharmacists are notified of coverage. If not, patients are obligated to pay or choose not to fill the prescription. In addition, Change Healthcare also manages manufacturers discounts on medications as well as discounts. Understandably, this is a major pharmaceutical platform that’s exposed to significant cybersecurity threats in healthcare. And on 2/21/24, the impact of cybersecurity attacks on healthcare were felt by the Change Healthcare organization.
The suspect involved in these recent cybersecurity threats in healthcare is Blackcat, which is also known as ALPHV. These are well-known ransomware operators that have forced systems to pay hundreds of millions of dollars in platform ransoms. Though details of the potential ransom against Change Healthcare are not yet known, it’s undoubtedly substantial. This is reflected by the extensive investigation that’s ongoing. In addition to Change Healthcare experts, the U.S. Department of Justice and Mandiant and Palo Alto Network consultants are involved. Of course, the impact of cybersecurity attacks on healthcare in this case extend beyond the financial. Given that Change Healthcare handles about a third of all patient records in New York, data breaches represent privacy concerns as well. This highlights the leverage that groups like Blackcat exploit.
The Downstream Impact of Cybersecurity Attacks on Healthcare
Change Healthcare is in a position to lose a significant amount of money to ransom as well as its reputation. But it’s not the only one affected by cybersecurity threats in healthcare like this one. Patients, pharmacists, and even healthcare systems are also at risk. In the current cybersecurity attack, pharmacists were unable to tell who did and didn’t have insurance coverage for prescriptions. Some took chances and filled prescriptions understanding they may be financially liable. Others passed along the lack of knowledge to patients requiring them to pay up front or acknowledge their potential obligations later. In essence, pharmacists as well as patients were blindly operating in the aftermath of the cybersecurity attack on Change Healthcare.
As days passed after the cybersecurity attack, pharmacists took to different strategies to solve their dilemma. Some went to manual systems, which in today’s age of digital transactions was cumbersome and highly inefficient. Others went to other platforms that performed many of the same processes as Change Healthcare. Relay is such a platform, but compared to Change Healthcare, Relay has many shortcomings. Specifically, it was less adept at processing discounts and coupons as well as vaccine coverage. In the meantime, Change Healthcare released a new “instance” of its platform that was unaffected by the malware. Though it has not encountered issues to date, it is certainly not as robust as the original platform. As is evident, the cybersecurity threats in healthcare from a single attack like this one is profound.
(The world is inching closer to a digital currency–read up on it in this Bold story.)
Dynamic Problems Require Dynamic Solutions
The cybersecurity threats in healthcare in many ways are not different than those involving other sectors. Ransomware and other cybersecurity strategies are highly dynamic and constantly changing. As a result, solutions and protections against these attacks must also be highly adaptable and up-to-date. This is essential in winning the war against ransomware and cybersecurity vulnerabilities. However, the impact of cybersecurity attacks on healthcare systems is more complicated. The lack a single interoperable system means that individual systems may be more vulnerable to attacks. Likewise, these fragmented networks contain profound amounts of personal data. This not only involves health data but financial information sets as well. This makes such systems excellent targets for ongoing cybersecurity threats in healthcare.
As far as the state of New York is concerned, the governor is mandating new regulations. These are supposed to mitigate cybersecurity threats in healthcare throughout the state. As part of this plan, the state is providing hospitals with an aggregate sum of $500 million for support. But such efforts may not extend to platforms like Change Healthcare that operates separately from hospitals. Likewise, cybersecurity protections for such entities is not a single intervention but one that demands constant surveillance. Given the potential impact of cybersecurity attacks on healthcare, these types of investments should be a priority regardless. The risks and vulnerabilities are high, and failure to plan accordingly could be devastating for many.
Are We Losing the War Against Ransomware? Read More in This Bold Story!