Ransomware attack on Change Healthcare pegged as “most significant” in sector history | #ransomware | #cybercrime

The American Hospital Association has named the suspected ransomware attack on Change Healthcare, a unit of insurance giant UnitedHealth Group’s Optum division, as “the most significant and consequential incident of its kind against the U.S. healthcare system in history.”

Change Healthcare, which suffered the cyberattack on February 21st, reportedly handles 14 billion clinical, financial, and operational transactions annually, making the relatively unknown firm a major player in the U.S. health system.

Since the attack, doctors’ practices, hospital systems, and pharmacies that work with Change Healthcare have struggled to find workarounds.

John Riggi, the hospital association’s national adviser on cybersecurity, has noted that the issues will take some time to resolve, adding, “We have seen it generally takes a minimum of 30 days to restore core systems.”

On March 7th, UnitedHealth Group, which purchased Change Healthcare only recently, announced that two services — related to electronic payments and medical claims — would be restored later in the month, adding, “While we work to restore these systems, we strongly recommend our provider and payer clients use the applicable workarounds we have established.”

Advertise here

The firm’s CEO, Andrew Witty, said, “We’re determined to make this right as fast as possible.”

On the heels of this response, many have suggested that the attack is exposing the health system’s broad vulnerability to hackers, as well as shortcomings in the government’s response.

Wired Magazine has since reported that the ransomware gang behind the attack has been paid $22 million in Bitcoin, which could be covered by Change Healthcare’s insurance, but the effects on other healthcare providers are expected to be significant.

As Reinsurance News understands, Cyber Liability Policy covers business interruption (BI) costs if the insured suffers a loss of revenue or an extra expense due to a system interruption or outage caused by a breach.

The extra expense in this case would include interest/financing expenses associated with the borrowing of funds to manage cash flow which is what is ultimately being affected by the hospital systems and the physician practices.

Those who purchased separate cyber insurance policies will be filing claims for any extra expenses and those who didn’t might look to their property policies BI for potential recovery.

There are a significant number of hospital systems and physician practices affected by the breach and for the larger systems, the cash flow disruption is anticipated to be manageable.

For smaller, independent hospitals and physician practices, the delay in patient billings will have a much greater impact on their cash flow which theoretically could put some of them out of business, especially since some healthcare systems were already struggling financially.

Print Friendly, PDF & Email

Source link


National Cyber Security