UPDATE 03/08/24: This attack has been so disruptive that even the U.S. Department of Health and Human Services (HHS) has stepped in to help coordinate the response. HHS has laid out next steps that the Centers for Medicare & Medicaid Services (CMS) is taking to assist providers and patients, which you can read more about here.
***Original Story Follows***
The February 2024 ransomware attack on Change Healthcare, a major health technology provider, continues to send shockwaves through the healthcare industry. This attack, allegedly perpetrated by the ALPHV/BlackCat group, has crippled crucial services, causing significant disruptions for various healthcare facilities across the US. One notable disruption involves the suspension of Medicare and health insurance reimbursements for medical providers. The withholding of reimbursements is having a serious impact on the cash flow of these providers.
We should note that this situation does not appear to impact the processing of payments made directly by patients. While the consumer payment system functionality is working normally, patients who typically pay their invoices through My Chart or other billing portals may experience a delay in accessing that information.
Impact on Healthcare Facilities:
The attack has primarily affected billing and care authorization portals, leading to:
Prescription Backlogs: Pharmacies that are unable to secure authorization or process prescriptions electronically have resulted in delays in patients receiving medications. This can have a detrimental effect on the health of many Americans.
Operating Revenue Loss: The inability to submit claims electronically has caused financial strain on healthcare providers, jeopardizing essential services. Reportedly, healthcare providers, especially smaller ones, operate with tighter cash. Disruption of their cash flow can threaten their survival.
Increased Workload: Manual workarounds to process claims and prescriptions have added significant monetary and resource burdens to already overwhelmed healthcare staff.
Financial Help and Ransom Payment:
In an attempt to mitigate the financial impact on providers, Change Healthcare’s parent company, UnitedHealth Group, has offered a “Temporary Funding Assistance Program.”
Furthermore, the US government is reportedly considering intervening to assist in the recovery efforts. This potential involvement could involve technical expertise or additional financial support for affected healthcare providers.
The Road to Recovery:
Although Change Healthcare hasn’t yet restored full service at the time of this writing, the company claims it is making progress towards recovery. However, the long-term consequences of this attack are still unfolding. The healthcare industry, grappling with the immediate disruptions, also faces the challenge of strengthening its cybersecurity defenses to prevent similar attacks in the future as a targeted industry.
Implications Beyond the Healthcare Industry
While this cyberattack is isolated to the healthcare industry, it could just as easily affect transportation, communications, utilities, financial services, or any other industry.
It is also important to note that small businesses tend to be at greater risk for ransomware or cybercrime. This is because often they think they’re too small to be a target. As a result, they do not take the appropriate preventative measures to protect themselves and their customers. The fact is, anyone or any business using a computer is a potential target.
Tips on How to Protect Your Business:
Ransomware is not a new phenomenon, and you can effectively protect against it if addressed in advance. Some basic recommendations:
- The 3-2-1 backup rule can help ensure your business has sufficient backups so you do not have to pay a ransom. The 3-2-1 rule recommends that every business have three back-ups of its data, stored on two different types of media, with one of those storage places being offsite.
- Modern endpoint detection and response solutions such as Crowdstrike and others can help stop ransomware from executing and spreading.
- Small businesses can leverage anti-virus solutions with advanced ransomware detection and mitigation capabilities (install on all computers and servers). One example is Bitdefender.
- If your Cloud provider offers anti-ransomware solutions, make sure that you have it enabled.
- Anti-ransomware practices can be coupled with carefully reviewed cyber risk insurance policies.
There are many nuances as to how to protect your business such as size, resources, and staff. Here are some additional recommendations from the Stop Ransomware Campaign – a joint effort with the Cybersecurity and Infrastructure Security Agency (CISA), FBI, NSA, and the Multi-State Information Sharing & Analysis Center (MS-ISAC).
Regardless of your industry or size of your business, it is always prudent to err on the side of overprotection rather than risk a cyberattack.
