April 1, 2024 By Jennifer Gregory 3 min read

Last month’s cyberattack on Change Healthcare, a sizable unit of UnitedHealth Group, brought new repercussions rarely seen in a cyberattack. As a result of the threat actor’s actions, healthcare systems and providers suffered cash flow issues, which resulted in providers being unable to pay their rent, owners dipping into their personal savings and patients being prevented from receiving important medications.

Most importantly, patients are unable to get insurance approval for procedures, surgeries and prescriptions, which can affect their health outcomes.

Ransomware attacks shut down systems for weeks

Earlier this month, Change Healthcare was the victim of a ransomware attack by ALPHV, also known as BlackCat. Change Healthcare provides pharmacy claims transactions, provider claims processing, patient access and financial clearance, provider payments, authorizations and medical necessity reviews. Every year, Change processes 15 billion healthcare transactions and touches one in three patient records.

According to Change Healthcare’s statement on their website, when they discovered that a threat actor gained access to one of their environments, they disconnected their systems to limit the impact. The attack caused Change to shut down for several weeks. While some services are back online, Change Health is currently working on getting all operations up and running again. During this time, providers, including hospitals, pharmacies and private practices, were unable to access the systems to perform functions, including getting reimbursed for patient services and preauthorization for patients.

According to Wired, UnitedHealth, which owns Change Health, reportedly paid $22 million in ransom. Although ALPHV’s dark web sites and decryption keys were seized by the FBI in December 2023, the organization still managed to pull off one of the most disruptive healthcare attacks only a few months later. ALPHV’s dark website recently listed 28 other corporate victims of their attacks.

Read the Threat Intelligence Index report

Attack causes trickle-down effect

One of the most damaging parts of the cyberattack is the trickle-down effect from Change to providers to patients. Cybersecurity Dive uncovered a range of impacts, from providers not seeing new patients due to not being able to verify insurance eligibility to hospitals unable to use their typical billing processes. Pharmacists cannot accurately determine patient copays, resulting in them either taking estimated payments or requiring patients to pay the full amount for their medications.

Many providers are struggling to pay their expenses without insurance reimbursement for services. Molly Fulton, the Chief Operating Officer at Arlington Urgent Care, told the New York Times that their five urgent care centers had around $650,000 in unpaid insurance reimbursements. To stay open, the owners are using their personal savings and opening lines of credit through their bank to cover employee paychecks, rent and other business expenses.

Healthcare remains one of the industries most targeted by cyber criminals. The IBM X-Force Threat Intelligence Index 2024 reported that healthcare is the third-most targeted industry in North America, moving up from fourth place the previous year. The majority of healthcare incidents (43%) involved threat actors using legitimate tools for malicious purposes, while spam campaigns and malware cases each accounted for 29% of incidents.

The impact of the attack going forward

As Change Healthcare continues to get its systems back online, many questions still remain unanswered, such as what the organization’s liability will be. As the aftermath is being sorted out, many experts are interested in seeing how the organization may be held financially responsible for their customers’ current situation due to billing and payment issues.

Along with the Change Healthcare incident, cyberattacks that have affected critical infrastructure, such as the Colonial Pipeline attack, are prompting businesses and the federal government to review and adjust their processes to reduce the impact of future attacks. These attacks will likely compel changes in the future, affecting the U.S. healthcare system and the cybersecurity industry as a whole.

To learn how IBM X-Force can help you with anything regarding cybersecurity including incident response, threat intelligence, or offensive security services schedule a meeting here.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

More from News

DOD establishes Office of the Assistant Secretary of Defense for Cyber Policy

2 min read - The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting…

CISA releases landmark cyber incident reporting proposal

2 min read - Due to ongoing cyberattacks and threats, critical infrastructure organizations have been on high alert. Now, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced a draft of landmark regulation outlining how organizations will be required to report cyber incidents to the federal government. The 447-page Notice of Proposed Rulemaking (NPRM) has been released and is open for public feedback through the Federal Register. CISA was required to develop this report by the Cyber Incident Reporting for Critical Infrastructure Act of…

Recent developments and updates in Biden cyber policy

3 min read - The White House recently released its budget for the 2025 fiscal year, which supports the government’s commitment to cybersecurity. The cybersecurity funding allocations line up with the FY 2025 cybersecurity spending priorities released last year that included the following pillars: Defend critical infrastructure Disrupt and dismantle threat actors Shape market forces to drive security and resilience Invest in a resilient future Forge international partnerships to pursue shared goals. In 2023, the White House released a 35-page document detailing the new…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today