A cyberattack on health technology giant Change Healthcare has taken place, according to TechCrunch. The company is used by pharmacists to check patients’ eligibility for treatments and process orders for medication given their insurance situation.
In a statement, the company says: “Change Healthcare is experiencing a network interruption related to a cyber security issue and our experts are working to address the matter. Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact.”
The company handles 15 billion healthcare transactions annually. Change Healthcare merged with Optum two years ago, in a $7.8 billion deal.
Looking to the cyberattack for Digital Journal is Nick Tausek, Lead Security Automation Architect at Swimlane.
Tausek begins by explaining the background to the cyber-incident: “One of the largest health tech companies in the U.S., Change Healthcare, has reported a cyberattack affecting systems across the organization, including dental, medical records, and payment services. Change manages patient payments across the healthcare sector, with access to medical records and sensitive patient information.”
In terms of the consequence of the attack, he adds: “Pharmacies across the country are already reporting delays in filling prescriptions and providing services as a result of this attack, marking the real-world dangers to human health cyberattacks can cause.”
It is possible that company reorganisation and the associated upheavals have led to vulnerabilities. Tausek observes: “Change Healthcare was acquired by UnitedHealth Group in 2022. The period during and following mergers and acquisitions can be a prime window for attacks, with advanced attackers taking advantage of internal upheaval caused by efforts to integrate systems, streamline operations, and increase efficiency.”
The cyber-incident the event highlights the vulnerability the afflicts mush of the health and social care sector. Tausek explains: “The healthcare industry remains a prime target for relentless threat actors. With the widespread reliance on third-party entities like Change Healthcare for data management, the vulnerability of sensitive patient data is heightened.”
There are measures that firms can take, which Tausek proposes as: “Adopting a proactive cybersecurity strategy is imperative to counter potential threats effectively. This includes leveraging automated platforms to centralize incident detection and breach reporting.”
