February 23, 2024

Cyberattack disrupts systems at health technology giant Change Healthcare

Editor's Note

Nationwide pharmacy delays and disrupted internal systems are among the effects of a February 21 cyberattack on Change Healthcare, one of the largest healthcare technology companies in the United States.

Systems were immediately disconnected to protect partners and patients, the organization reports, and “all other systems across UnitedHealth Group are operational” as of February 23. In 2022, Change Healthcare joined with healthcare services company Optum in a UnitedHealth Group merger.

Among other recommendations in a February 22 report, The American Hospital Association (AHA) advises organizations to back up data offline, review cyber incident response plans, review business and clinical continuity downtime procedures, and increase threat hunting and monitoring tools and techniques.

“Due to the sector wide presence and the concentration of mission critical services provided by Optum, the reported interruption could have significant cascading and disruptive effects on revenue cycle, certain health care technologies and clinical authorizations provided by Optum across the health care sector,” reads an AHA report on the matter. “We recommend that all health care organizations that were disrupted or are potentially exposed by this incident consider disconnection from Optum until it is independently deemed safe to reconnect to Optum. It also is recommended that organizations which utilize Optum’s services prepare related downtime procedures and contingency plans should Optum’s services remain unavailable for an extended period.”

In other cybersecurity news, National Institute of Standards and Technology (NIST) released the final version of its special publication titled “Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide”. According to the February 14 announcement from NIST, this document guides organizations in implementing an information security program, and protecting health information, and otherwise ensuring compliance with the HIPAA Security Rule.

Live chat by BoldChat