Change Healthcare Attack: Recovery Woes; Lawsuits Pile Up
Company Makes Progress Restoring IT Services, But Disruption Lingers
Marianne Kolbasuk McGee (HealthInfoSec) • April 5, 2024
While many systems are back online, the disruption is still being felt by many organizations that depend upon the company’s services.
“While IT services are being restored, the reality is healthcare billing is way behind,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.
“I just had a medical appointment this morning and learned their insurance filings are still being held up. They’re shifting to paper-based filings and dreading the day they have to reconcile everything,” he told Information Security Media Group on Friday.
“Just talk to your friends and family and no doubt you’ll hear people are still having problems getting prescriptions filled and procedures scheduled.”
Complex Interdependencies
The Change Healthcare incident has shown the need to take a comprehensive look at the complexities and interdependencies of the U.S. healthcare ecosystem to ensure healthcare remains resilient from cyberattacks and continues to provide safe, secure and timely patient care, Weiss said.
“Health-ISAC is encouraging the creation of a public/private task force to complete a systemic risk analysis across the healthcare and public health sector, funded by the Department of Health and Human Services – similar to what was done in the financial services sector over a decade ago,” he said.
“The healthcare and public health sector needs to take a holistic look at how to bolster resilience in the face of sustained and increasing cybersecurity risk,” Weiss said.
“The Department of Homeland Security, in coordination with CISA and other government agencies, should convene a public/private task force to identify and analyze systemic risks across the sector and recommend near- and long-term actions to ensure the sector is resilient.”
The U.S. Treasury Department conducted a similar study of systemic risk in the financial services sector around 2010, Weiss said. “The information gleaned from these reports proved instrumental in ensuring that the expenditure of resources, regulatory action and best practices are aligned to mitigate the most significant risks.”
Read the full article in Healthcare InfoSecurity here:
- Related Resources & News
- Healthcare Heartbeat 2024 Q4
- Health-ISAC Hacking Healthcare 2-19-2025
- Podcast: Reflecting on the Change Healthcare cyberattack
- Senate Confirms Trump Pick RFK Jr. to Lead HHS
- The Alarming Backdoor Hiding in 2 Chinese Patient Monitors
- Health-ISAC 2025 Health Sector Cyber Threat Landscape
- How Health Systems Manage Security in the Cloud
- Change Healthcare Attack a Wake-up Call for the Industry
- Five High-Impact Cyberattacks Healthcare Industry Should Avoid in 2025
- Health-ISAC Hacking Healthcare 2-11-2025