Change Healthcare Attack: Recovery Woes; Lawsuits Pile Up
Company Makes Progress Restoring IT Services, But Disruption Lingers
Marianne Kolbasuk McGee (HealthInfoSec) • April 5, 2024
While many systems are back online, the disruption is still being felt by many organizations that depend upon the company’s services.
“While IT services are being restored, the reality is healthcare billing is way behind,” said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.
“I just had a medical appointment this morning and learned their insurance filings are still being held up. They’re shifting to paper-based filings and dreading the day they have to reconcile everything,” he told Information Security Media Group on Friday.
“Just talk to your friends and family and no doubt you’ll hear people are still having problems getting prescriptions filled and procedures scheduled.”
Complex Interdependencies
The Change Healthcare incident has shown the need to take a comprehensive look at the complexities and interdependencies of the U.S. healthcare ecosystem to ensure healthcare remains resilient from cyberattacks and continues to provide safe, secure and timely patient care, Weiss said.
“Health-ISAC is encouraging the creation of a public/private task force to complete a systemic risk analysis across the healthcare and public health sector, funded by the Department of Health and Human Services – similar to what was done in the financial services sector over a decade ago,” he said.
“The healthcare and public health sector needs to take a holistic look at how to bolster resilience in the face of sustained and increasing cybersecurity risk,” Weiss said.
“The Department of Homeland Security, in coordination with CISA and other government agencies, should convene a public/private task force to identify and analyze systemic risks across the sector and recommend near- and long-term actions to ensure the sector is resilient.”
The U.S. Treasury Department conducted a similar study of systemic risk in the financial services sector around 2010, Weiss said. “The information gleaned from these reports proved instrumental in ensuring that the expenditure of resources, regulatory action and best practices are aligned to mitigate the most significant risks.”
Read the full article in Healthcare InfoSecurity here:
- Related Resources & News
- Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
- New Cybersecurity Policies Could Protect Patient Health Data
- CyberWire Podcast: PHP flaw sparks global attack wave
- Health-ISAC Hacking Healthcare 3-14-2025
- HSCC Aiming to Identify Healthcare Workflow Chokepoints
- New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
- Are Efforts to Help Secure Rural Hospitals Doing Any Good?
- CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
- 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
- Cobalt Strike takedown effort cuts cracked versions by 80%