Hospital hacking threats persist amid continued chaos of Change Healthcare cyberattack

Editor's Note

The ransomware group behind a recent cyberattack on one of the nation’s largest health systems has its sights set on hospitals, the FBI and the Department of Health and Human Services (HHS) warned February 27.

According to a report in Chief Healthcare Executive one day later, systems were still down from the February 21 attack on Change Healthcare, an organization that reportedly touches a third of patient records processes 15 billion health care transactions annually.

“This unprecedented attack against one of America’s largest health care companies has already imposed significant consequences on hospitals and the communities they serve,” Rick Pollack, president and CEO of the American Hospital Association (AHA), wrote in a letter to the U.S. Department of Health and Human Services. “Although the full scope of the impact is still unclear, Change Healthcare’s vast nationwide reach suggests that it could be massive.”

Citing AHA, the report notes that difficulties include processing insurance claims and checking eligibility for coverage, as well as clinical decision-making and pharmacy operations. Disrupted organizations also include retail pharmacies such as Walgreens and CVS as well as military hospitals and pharmacies, the report notes.

Change Healthcare is a part of Optum, which is part of UnitedHealth Group.

According to the FBI/HHS notice, the BlackCat hacker gang behind the attack is focused specifically on the healthcare sector, the source of most of its 70 victims since December. That same month, the group’s leadership encouraged affiliates to attack hospitals after the FBI infiltrated its operations. The group has ties to Russia and was responsible for leaking nude breast cancer patient photos in an attack on Allentown, Pa.-based Lehigh Valley Health Network last year.