Change Healthcare Attack a Wake-up Call for the Industry

Change Healthcare Attack a Wake-up Call for the Industry, Report Finds
The Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group has released its 2024 Annual Report, highlighting critical vulnerabilities in healthcare cybersecurity. The report underscores the Change Healthcare cyberattack as one of the most disruptive cybersecurity incidents in recent history, exposing significant weaknesses in the healthcare sector’s resilience.
“We’ve been discussing this problem for years, but this attack made it real,” said Erik Decker, Industry Co-Chair of the Cybersecurity Working Group. “Now we know exactly how devastating a single cyber event can be to the entire healthcare ecosystem.”
Key Lessons from the Attack
The Change Healthcare incident revealed three major cybersecurity gaps in the healthcare industry:
-
Chokepoints in the healthcare ecosystem: The attack demonstrated how a single vendor’s failure can cripple multiple health systems.
-
Lack of coordinated response strategies: Healthcare organizations had varying levels of preparedness, leading to inconsistent responses across the industry.
-
Urgency for a national cybersecurity strategy: The report emphasized the need for a government-backed framework to mitigate similar threats in the future.
“The Change Healthcare attack was a wake-up call,” said Anahi Santiago, CISO at ChristianaCare, [Health-ISAC Board Member] and a leader in the Hospital Cybersecurity Landscape Analysis Task Group. “It’s time for healthcare systems to take a proactive, not reactive, approach to cybersecurity.”
- Related Resources & News
- Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
- New Cybersecurity Policies Could Protect Patient Health Data
- CyberWire Podcast: PHP flaw sparks global attack wave
- Health-ISAC Hacking Healthcare 3-14-2025
- HSCC Aiming to Identify Healthcare Workflow Chokepoints
- New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
- Are Efforts to Help Secure Rural Hospitals Doing Any Good?
- CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
- 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
- Cobalt Strike takedown effort cuts cracked versions by 80%