What an Attack on UnitedHealth Tells Us About Cybersecurity

There has recently been a surge in cyberattacks and data breaches targeting the healthcare industry and its affiliated businesses and vendors. With one such attack currently featured prominently in the headlines, it seemed appropriate to consider why this is and what businesses of all kinds—particularly those in healthcare—need to do to prevent this kind of thing from happening to them.

So, what happened?

Change Healthcare, Owned By UnitedHealth Group, Was Hacked

In the medical industry, doctors and other providers regularly communicate with insurance providers to obtain authorization and payment for medical services, often using intermediary businesses to do so on their behalf. The numerous regulations in place to protect patient information have historically made these connections challenging, as different platforms didn’t always play nicely with one another.

Modern software solutions, used by intermediaries to smooth out interactions between different systems, have eased this process considerably. However, these benefits don’t come without significant shortcomings.

Namely, increased vulnerability to cyberattacks.

The past few years have seen a continued increase in attacks against the healthcare industry, and with these kinds of opportunities out there for cybercriminals, it’s little wonder that this is happening. The level of industry centralization these systems generate simply makes it easier for attacks to take place on a much larger scale compared to targeting individual organizations like a specific hospital or insurance provider.

This is What Happened to Change Healthcare

Change Healthcare is one of these intermediaries, responsible for processing 15 billion transactions per year between UnitedHealth Group and its affiliates. This makes it no surprise that the healthcare group has pointed the finger at a ransomware group known as BlackCat/ALPHAV, which has a history of attacking the healthcare industry. According to statements made by the healthcare provider, Change Healthcare was taken offline immediately upon discovering the threat, and every system they still have in operation has passed evaluations conducted by leading cybersecurity firms.

Ultimately, six terabytes of Change Healthcare source codes and data regarding healthcare and insurance providers and pharmacies were reportedly stolen.

While UnitedHealth Group has declined to comment on whether or not they ultimately paid the ransom, the ransomware group claims to have been paid $22 million with a blockchain transaction of unknown origin to support their statement.

Either way, UHN stocks plunged $30 billion in cap market value.

Meanwhile, with many doctors, hospitals, and pharmacies facing billing challenges, UnitedHealth Group has been scrambling to implement quick fixes to restore Change Healthcare’s capabilities. The United States Department of Health and Human Services also recommended that the group adopt measures like waiving prior authorizations and accepting paper bills to help assuage the issues and maintain operational continuity. Many providers have been advised to switch to an alternative clearinghouse if they face cash flow issues.

While an Extreme Example, All Businesses Can Learn from These Events

Let’s summarize what lessons there are to take away from all this:

Redundancy is Essential for All Businesses and their Continuity Strategies

Healthcare organizations of all sizes have been affected by the service outage, but not all have felt the effects equally. Larger health systems have found it far simpler to pivot and restore some degree of their operations simply because they had the resources to quickly shift to a different vendor’s services while Change Healthcare has been out of commission. Smaller healthcare systems and providers have had a much harder time because those options are less accessible to them, and many lacked a backup strategy to implement quickly.

This helps highlight how disaster recovery and business continuity are not preparations that only large businesses need to concern themselves with because issues are not exclusive to only large organizations.

Continuity Issues Extend Beyond an Individual Business

Every industry today relies on interconnectivity and collaboration. One undeniable shortcoming of this is that one organization’s continuity or even security can very easily be impacted by the issues of another, as the smaller healthcare organizations have witnessed. All businesses that rely on external providers for services must thoroughly vet these providers and their security preparations to help avoid increased cybersecurity risks and potential disruptions.

Cybersecurity is Non-Negotiable

On a related note, all businesses must take cybersecurity incredibly seriously today—regardless of their size, industry, or affiliations. This need is all-encompassing, too. Not only are comprehensive and maintained cybersecurity measures critical, but everyone employed by a business needs to understand the threats that we all face and be trained to spot their warning signs more effectively.

At Omega Technical Solutions, we take these needs to heart, assisting our clients in doing everything necessary to protect their investments and reputations, from practical steps to ongoing education. Find out what we can do to help protect your business from being the next example of cybercrime by giving us a call at (703) 743-3056.