Change Healthcare Breach is a Sobering Wakeup Call on Cybersecurity

 More

It seems that every month, the threat becomes greater and greater for hospitals across the country: the possibility that bad actors can disrupt the hospital’s operations – or effectively bring them to a halt – without the offenders leaving their couch.

John Hawkins, President/CEO, Texas Hospital Association
Hawkins

As I write this, hospitals and hospital systems everywhere have spent recent weeks dealing with the implications of a major cyberattack in February on Change Healthcare, which is part of the health care technology behemoth Optum. Both, in turn, are owned by insurance giant UnitedHealth Group. Change Healthcare, by its own accounting, processes 15 billion health care transactions each year and touches one out of every three patient records. American Hospital Association President Rich Pollack called the attack “the most significant and consequential attack of its kind against the U.S. health care system in history.”

Cyberattacks on hospitals – including those involving ransomware, where hackers demand payment in exchange for releasing the captured hospital records and patient information – have become an all-too-common fixture of the news in the past decade or more. For example, Ardent Health Services, which has 15 facilities in Texas, got hit by just such an attack last November. But the Change attack illustrated how hospitals and other health care facilities can be devastated without even being the target.

AHA and we at the Texas Hospital Association quickly jumped in to assess the ramifications and appeal to state and federal authorities for guidance, help and flexibility on claims processing, payments and more. Even after a New York Times story on March 5 detailed what security firms believe was a $22 million ransom payment by United to the perpetrators, facilities across the nation are still trying to analyze and crawl out from under this seismic disruption to their cash flows and day-to-day operations.

This breach underscores just how dependent the health of hospitals is on timely insurance payments. And even though this particular attack wasn’t on a hospital system, it’s an unfortunate wakeup call for all our facilities – a reinforcement of just how important it is to make sure your hospital or clinic stays on top of cybersecurity and takes steps to protect its IT infrastructure.

Now granted, the health care cyberthreats we periodically get warnings about from federal authorities like the FBI aren’t the easiest thing for most hospital personnel to digest. They usually contain arcane technical information that might only be fully understood by a hospital’s IT department. In the context of everything else a medical facility has to worry about each day, it may be easy to brush them aside and focus on patient care or the standard basics of hospital administration.

But in this age, it’s essential for hospitals to be as secure as possible. If your facility hasn’t explored the resources out there to do so lately, use this unfortunate news as a good time for a cybersecurity refresh.

Last fall, THA’s chief strategy officer, Fernando Martinez, authored this guide for hospitals to manage cybersecurity threats. I recommend appropriate hospital personnel review it for a starter on your revitalized journey toward firewalling your facility. Another excellent resource is the Stop Ransomware webpage from the federal Cybersecurity and Infrastructure Security Agency, which includes a guide on best practices.

In the grand scheme, we’re still in the early days of a new age in health care, where digital information storage and transmission – in everything from patient records to claims information and more – is king. There are excellent aspects of that massive and inevitable shift – but cybersecurity, if not duly addressed, can be a devastating pitfall. Like a health scare for yourself or a loved one that leads to a renewed focus on living longer, let’s use the Change breach as an impetus to make our hospital tech systems as impenetrable as possible.

Related articles from The Scope

An Interview with ChatGPT on the State of Texas Health Care

An Interview with ChatGPT on the State of Texas Health Care

Amy RiosJun 6, 202310 min read

THA sat down with the popular AI chatbot to get…

COVID-19 in Texas Hospitals: Three Years Later

COVID-19 in Texas Hospitals: Three Years Later

Amy RiosMar 21, 20238 min read

This month marks three years since the COVID-19 pandemic irrevocably…

Homeward Bound Health Care

Homeward Bound Health Care

Katherine O’BrienOct 20, 20229 min read

From infection prevention to telemedicine, the COVID-19 pandemic dramatically changed…

Implementing Sustainable Health Care

Implementing Sustainable Health Care

Julia MannAug 4, 202210 min read

Going green, or making efforts to reduce negative environmental impacts…

Protecting your patients, data and infrastructure – battling rising cyber risk

Protecting your patients, data and infrastructure – battling rising cyber risk

Julia MannJun 17, 20223 min read

By INSURICA and Cyberforce|Q Health care organizations are one of…

Achieving Supply Chain Stability

Achieving Supply Chain Stability

Julia MannJun 17, 20228 min read

With the pandemic waning, one might think that the strain…