The Change Healthcare mega hack has impacted nearly 120 of the company’s IT products and services, causing widespread disruption in the healthcare industry. Change Healthcare, a critical IT provider for healthcare organizations, processes billions of healthcare transactions annually and plays a significant role in patient records. The outage has resulted in healthcare providers facing challenges with processing claims, payments, and patient billing, leading to financial strain for many organizations.
The Medical Group Management Association has called on the U.S. Department of Health and Human Services to take action to mitigate the impacts of the cyber disruption on medical groups and physicians. Optum, the parent company of Change Healthcare, confirmed that the attack was carried out by cybercriminals claiming to be BlackCat/Alphv. Optum has implemented workarounds to ensure access to medications and care for affected customers, while also offering a new instance of Change Healthcare’s Rx ePrescribing service.
Organizations not directly connected to Change Healthcare are also feeling the effects of the cyber disruption, as they may have vendors or partners with relationships to the company. The incident raises concerns about the consolidation of vendors in healthcare and the challenges associated with developing workarounds for critical services. If the investigation reveals that personal health information was compromised, it could lead to a large breach notification event.
Sara Goldstein, an attorney at BakerHostetler, highlighted the regulatory and legal issues that Change Healthcare’s clients may face due to the cyberattack. She also discussed business interruption, cost considerations, and cyber insurance issues for affected companies. Goldstein provided tips for healthcare entities to protect themselves from social engineering and phishing attacks, emphasizing the importance of cybersecurity measures in the industry.