Change Healthcare Attack: Recovery Woes; Lawsuits Pile Up
Company Makes Progress Restoring IT Services, But Disruption Lingers
Marianne Kolbasuk McGee (HealthInfoSec) • April 5, 2024
While many systems are back online, the disruption is still being felt by many organizations that depend upon the company’s services.
“While IT services are being restored, the reality is healthcare billing is way behind,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.
“I just had a medical appointment this morning and learned their insurance filings are still being held up. They’re shifting to paper-based filings and dreading the day they have to reconcile everything,” he told Information Security Media Group on Friday.
“Just talk to your friends and family and no doubt you’ll hear people are still having problems getting prescriptions filled and procedures scheduled.”
Complex Interdependencies
The Change Healthcare incident has shown the need to take a comprehensive look at the complexities and interdependencies of the U.S. healthcare ecosystem to ensure healthcare remains resilient from cyberattacks and continues to provide safe, secure and timely patient care, Weiss said.
“Health-ISAC is encouraging the creation of a public/private task force to complete a systemic risk analysis across the healthcare and public health sector, funded by the Department of Health and Human Services – similar to what was done in the financial services sector over a decade ago,” he said.
“The healthcare and public health sector needs to take a holistic look at how to bolster resilience in the face of sustained and increasing cybersecurity risk,” Weiss said.
“The Department of Homeland Security, in coordination with CISA and other government agencies, should convene a public/private task force to identify and analyze systemic risks across the sector and recommend near- and long-term actions to ensure the sector is resilient.”
The U.S. Treasury Department conducted a similar study of systemic risk in the financial services sector around 2010, Weiss said. “The information gleaned from these reports proved instrumental in ensuring that the expenditure of resources, regulatory action and best practices are aligned to mitigate the most significant risks.”
Read the full article in Healthcare InfoSecurity here:
- Related Resources & News
- New HIPAA Cybersecurity Rules Pull No Punches
- What’s in HHS’ Proposed HIPAA Security Rule Overhaul?
- Cyber Threats Know No Borders
- Health-ISAC Hacking Healthcare 1-10-2025
- Google’s rural healthcare cybersecurity initiative
- Gen Z is stealing your health data—and the consequences may be worse than you think
- Left to Our Own Devices Podcast #71: Errol Weiss
- 2025 Newsletter – January
- The Year Ahead: What Can We Expect Within the Cybersecurity Landscape?
- Defending Healthcare Facilities Against Ransomware Attacks