Ransomware Attack on Change Healthcare Wreaks Havoc on U.S. Medical Billing Systems | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

One cybersecurity expert estimates some healthcare providers are losing $100 million per day because of the Change Healthcare ransomware attack.

Change Healthcare, a technology company owned by UnitedHealth that processes insurance claims and other critical hospital functions experienced a ransomware attack on February 21 that has continued to cause major disruptions to the nation’s medical payments infrastructure.

For more than a week and a half, the attack has threatened the security of patient data and is delaying many prescriptions at pharmacies and in hospitals around the country, as well as some healthcare worker paychecks, reports the Associated Press. Pharmacies such as CVS, Walgreens, Publix, and Good RX all have reported some disruption resulting from the attack, reports the Tennessean.

The ransomware attack against Change Healthcare is the most serious incident of its kind leveled against a healthcare organization in the U.S., according to the American Hospital Association (AHA). The company says it processes about 15 billion healthcare transactions every year and touches one in every three patient records.

One cybersecurity expert says some healthcare providers are losing more than $100 million per day due to the outage, reports CNN.

According to the AHA: “The staggering loss of revenue means that some hospitals and health systems may be unable to pay salaries for clinicians and other members of the care team, acquire necessary medicines and supplies, and pay for mission critical contract work in areas such as physical security, dietary and environmental services. In addition, replacing previously electronic processes with manual processes has often proved ineffective and is adding considerable administrative costs on providers, as well as diverting team members from other tasks.”

In response to the attack, Change Healthcare immediately isolated and disconnected the impacted systems, reports NBC News. UnitedHealth also stood up a “Temporary Funding Assistance Program” for hospitals affected by the breach, but according to the AHA, the funds “will not come close to meeting the needs of our members as they struggle to meet the financial demands of payroll, supplies and bond covenant requirements, among others.”

It is also believed that Change Healthcare has paid off the hackers. The group responsible for the attack is known as AlphV or BlackCat, reports Wired. The group received 350 bitcoins in a single transaction or nearly $22 million as a ransom payment. If Change Healthcare did pay the ransom, it would set a dangerous precedent by encouraging more cyberattacks. The payment also runs counter to the FBI’s instructions not to pay hackers.

Additionally, an affiliate hacker has indicated that they’ve accessed the data of many other healthcare firms that have partnered with Change Healthcare. If true, the hacker could demand more payments or leak the information it has accessed, reports Wired.

In response to the ransomware attack, the AHA sent a letter to Congress requesting a “whole government response.” Read the letter.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!


Click Here For The Original Source.


National Cyber Security