Change Healthcare’s Mega Attack: 1 Year Later

Ransomware Attack Taught Lessons on Health Sector Resiliency, Vendor Redundancy
It’s been one year since Russian-speaking hackers unleashed ransomware on UnitedHealth Group’s Change Healthcare IT services unit.
“The incident was an eye-opener because no one in the industry really realized how entrenched Change was in healthcare delivery,” said Denise Anderson, president of the Health Information Sharing and Analysis Center (Health-ISAC).
Unfortunately, concentration risk is a huge issue – and not just in healthcare – as illustrated by other incidents such as the July 2024 CrowdStrike outage, which was caused by a faulty software update, she said.
“A lot of healthcare organizations rely on the same vendor or set of vendors to deliver services – and if that vendor is impacted by an incident, it can have cascading effects across the sector,” she said.
“Prevention strategies include MFA, endpoint protection, offline backups, regular patching, email security and network segmentation,” Anderson said.
“But C-suite buy-in is critical – investing in security upfront saves millions in recovery costs,” she said.
Read the full article in Healthcare InfoSecurity.
Topics include:
- Falling Through the Cracks
- Data Retention Blunders
- Here Come the Feds