How Can Healthcare Companies Stay Vigilant When Giants like UHG Have Fallen?
September 5, 2024 - by Synoptek
The 2024 Change Healthcare attack was a hacker’s delight! The staggering cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group (UHG), raises significant governance questions.
Change Healthcare processes over 15 billion medical transactions annually, handling nearly one-third of U.S. patient records. The February ransomware attack, which resulted in a $22 million ransom payment, led to the shutdown of critical services, affecting 131 million patients and nearly 67,000 pharmacies nationwide. With the impact still being evaluated, the total cost for UHG is estimated to be between $2.3 billion and $2.45 billion this year, about $1 billion more than previously reported.
The American Hospital Association (AHA) deemed this incident “the most serious of its kind against a U.S. healthcare organization,” reporting that 94% of hospitals faced adverse financial impacts, with over half experiencing significant challenges.
Many providers reported cash flow issues, with nearly 60% estimating daily revenue losses exceeding $1 million. The repercussions extended to patient care, with 74% of hospitals reporting delays and setbacks, necessitating labor-intensive workarounds.
The need for effective cybersecurity measures has never been more apparent as the healthcare sector continues to grapple with the fallout from this attack.
Although UnitedHealth paid the ALPHV/BlackCat ransomware gang a $22 million Bitcoin ransom after the attack, Change Healthcare took several vital measures to enhance cybersecurity following the devastating cyberattack, such as:
UnitedHealth Group has paid over $3.3 billion to providers affected by the breach, which was especially challenging for smaller healthcare providers who rely heavily on timely reimbursements.
This incident is a stark reminder that even large organizations are vulnerable, prompting the question: if a giant like UnitedHealth Group can be compromised, how can smaller companies protect themselves?
Smaller healthcare organizations must adopt robust cybersecurity measures to protect their operations. Here are essential strategies to consider:
Review user accounts regularly and deactivate any inactive or unnecessary accounts. This reduces the risk of unauthorized access through forgotten or unused credentials.
Configure firewalls to restrict traffic to only those geographical locations relevant to the business. For instance, a US-based company should limit access to traffic originating from the US, minimizing exposure to international threats.
Limit remote access to only those employees who need it. Regularly review access rights to ensure only essential personnel have remote capabilities, preventing potential breaches through less secure accounts.
SOC as a Service (SOCaaS) is a cost-effective solution for smaller companies looking to enhance their cybersecurity posture in a scalable manner. This proactive approach can help identify and mitigate threats before they escalate into significant breaches.
Adopt policies to restrict access for former employees and minimize the risk of shared passwords, ensuring only current staff can access company systems. Such policies also help reduce the impact of any breach, because credentials are updated frequently.
Regularly audit administrative roles within systems. Limit access to elevated privileges to only those who require it, reducing the risk of insider threats.
Implement training programs to educate employees on recognizing phishing attempts. This can significantly reduce the likelihood of falling victim to scams that could compromise sensitive information.
Ensure that internal systems are not exposed to the internet. Access should be restricted through VPNs, protecting sensitive patient data from external threats.
The cyberattack on Change Healthcare was an eye-opener for all healthcare providers. Organizations must upgrade their defenses as the digital landscape becomes more hostile. Implementing these cybersecurity strategies can help companies add layers of protection to their operations against potential threats. Proactive measures are essential to protecting the organization and the patients and communities it serves. As healthcare evolves, prioritizing ‘healthy’ cybersecurity will be crucial in maintaining trust and operational integrity.