2024-03-08
Change Healthcare Shows Signs of Life
Change Healthcare is beginning to recover from a February ransomware attack that disrupted the submission and processing of insurance claims and prescriptions across the US. Change Healthcare’s parent company, UnitedHealth Group, says that electronic prescription services, including claim submission and payment transmission, have been restored, and the company is taking steps to restore other services.
Editor's Note
"Signs of life" are welcome by all the small businesses like pharmacies and doctor's offices depending on Change Healthcare. To Change Healthcare's parent, United Healthcare, paying $20 Million in ransom was likely a bit more than a minor inconvenience and is not going to substantially affect financial results. However, many of the businesses depending on Change Healthcare for payment processing have a much harder time to deal with the delayed income.
Johannes Ullrich
Having heard from friends about the impact of the service outage, restoration of service, for those who didn't switch to alternatives Optum services, is both anticipated and welcome. This is a good time to consider where you have weaknesses in common targets such as your RDP, VDI and VPN services. Make sure these are only available to authorized users and systems, you're both patched and implementing security best practices. Have you scheduled a security posture assessment to validate that?
Lee Neely
Change Healthcare continues to be under the microscope and offers many lessons that we will relearn. For example, yes it was a malicious attack, but it also demonstrated a lack of implementation of basic cybersecurity controls for a Fortune 50 company. For the healthcare industry and every industry vertical for that matter, it demonstrated that vendor consolidation can easily lead to supply chain disruption. I suspect many hearings will be held; many reports will be written in the coming months, but these are lessons we are already familiar with.