April 1, 2024 By Jennifer Gregory 3 min read

Last month’s cyberattack on Change Healthcare, a sizable unit of UnitedHealth Group, brought new repercussions rarely seen in a cyberattack. As a result of the threat actor’s actions, healthcare systems and providers suffered cash flow issues, which resulted in providers being unable to pay their rent, owners dipping into their personal savings and patients being prevented from receiving important medications.

Most importantly, patients are unable to get insurance approval for procedures, surgeries and prescriptions, which can affect their health outcomes.

Ransomware attacks shut down systems for weeks

Earlier this month, Change Healthcare was the victim of a ransomware attack by ALPHV, also known as BlackCat. Change Healthcare provides pharmacy claims transactions, provider claims processing, patient access and financial clearance, provider payments, authorizations and medical necessity reviews. Every year, Change processes 15 billion healthcare transactions and touches one in three patient records.

According to Change Healthcare’s statement on its website, when the company discovered that a threat actor had gained access to one of its environments, it disconnected its systems to limit the impact. The attack caused Change to shut down for several weeks. While some services are back online, Change Healthcare is currently working on getting all operations up and running again. During this time, providers, including hospitals, pharmacies and private practices, were unable to access the systems to perform functions, including getting reimbursed for patient services and obtaining preauthorization for patients.

According to Wired, UnitedHealth, which owns Change Healthcare, reportedly paid $22 million in ransom. Although ALPHV’s dark web sites and decryption keys were seized by the FBI in December 2023, the organization still managed to pull off one of the most disruptive healthcare attacks only a few months later. ALPHV’s dark website recently listed 28 other corporate victims of their attacks.

Attack causes trickle-down effect

One of the most damaging parts of the cyberattack is the trickle-down effect from Change to providers to patients. Cybersecurity Dive uncovered a range of impacts, from providers not seeing new patients because they cannot verify insurance eligibility to hospitals being unable to use their typical billing processes. Pharmacists cannot accurately determine patient copays, so they either take estimated payments or require patients to pay the full amount for their medications.

Many providers are struggling to pay their expenses without insurance reimbursement for services. Molly Fulton, the Chief Operating Officer at Arlington Urgent Care, told the New York Times that their five urgent care centers had around $650,000 in unpaid insurance reimbursements. To stay open, the owners are using their personal savings and opening lines of credit through their bank to cover employee paychecks, rent and other business expenses.

Healthcare remains one of the industries most targeted by cyber criminals. The IBM X-Force Threat Intelligence Index 2024 reported that healthcare is the third-most targeted industry in North America, moving up from fourth place the previous year. The majority of healthcare incidents (43%) involved threat actors using legitimate tools for malicious purposes, while spam campaigns and malware cases each accounted for 29% of incidents.

The impact of the attack going forward

As Change Healthcare continues to get its systems back online, many questions remain unanswered, such as what the organization’s liability will be. As the aftermath is being sorted out, many experts are interested in seeing how the organization may be held financially responsible for its customers’ current situation due to billing and payment issues.

Along with the Change Healthcare incident, cyberattacks that have affected critical infrastructure, such as the Colonial Pipeline attack, are prompting businesses and the federal government to review and adjust their processes to reduce the impact of future attacks. These attacks will likely compel changes in the future, affecting the U.S. healthcare system and the cybersecurity industry as a whole.
