How the Change Healthcare Cyberattack (and Others Like It) Can Impact Healthcare Companies

MAY 7, 2024

Change Healthcare, owned by UnitedHealth Group, recently experienced a sizable cyberattack, reportedly from the ransomware group known as ALPHV or BlackCat. The attack disconnected over 100 systems, severely impacting the processing of medical claims. This attack has critically affected the cash flow for many healthcare providers across the U.S., leading to staff furloughs and loans to meet payroll. UnitedHealth is also under investigation by the Department of Health and Human Services for its handling of patient data during this attack.

Who does this impact?

Change Healthcare plays a crucial role in the healthcare industry by overseeing the billing procedures and handling claims processes for many healthcare providers, regardless of the patient’s health insurance. Consequently, the hack affecting Change Healthcare hasn't just impacted UnitedHealth clientele, but has also caused extensive disruptions throughout our healthcare system. This ripple effect means that various healthcare industry stakeholders — encompassing hospitals, pharmacies, and other healthcare providers on a national scale — have experienced hindrances in their billing capacities due to this cyberattack.

What steps should you take now?

If the Change Healthcare hack has affected your business, take the following steps:

  1. Notify your cyber insurer(s) and any other relevant insurance providers, including your business interruption insurance carrier if applicable. Notifying insurers is critical because it can potentially impact your operations, liability, and coverage. Most insurance policies necessitate prompt notification of any incident. Without notification, you may risk coverage denial by the insurer. Therefore, to ensure that the claim is processed smoothly and that policy coverage is effectively utilized in the event of a breach, notifying the insurance carriers promptly is a key step.

  2. Track expenses and establish accounting codes to assist in this process. Include any expenses attributed to the development of new cost centers. It's important to track expenses after a vendor experiences a cyberattack because these costs will play an integral role in the claim process with the insurance carrier. By meticulously tracking these expenses, you can provide a comprehensive account of the financial impact to the insurance carrier, which is critical for reimbursement under the insurance policy. Additionally, by mapping out these costs, you can also get a better understanding of the financial implications and any gaps in your current cybersecurity protocol, and be better prepared for future incidents.

  3. Monitor all software patches and alerts seeking to implement any critical updates with high priority. Patch management is key after a vendor experiences a cyberattack because it aids in keeping track of vulnerabilities and ensuring that your systems are up to date. Staying on top of these updates will help to prevent similar attacks in the future. Updates often include patches for security vulnerabilities that cybercriminals exploit. In addition, alerts can provide timely information about new threats or updates about ongoing ones. Ultimately, this diligence significantly strengthens the company's cyber defenses, potentially preventing future breaches and the associated costs.

  4. Reset credentials immediately. If possible, seek to reset them utilizing a video conference platform. This prompt action means that if any login specifics were compromised during the vendor attack, they are swiftly rendered useless, which in turn helps thwart any additional breaches. It enhances your organization's security, reduces unauthorized access, and protects against future attacks. Using a video conference platform adds an extra layer of security because it allows for real-time identity verification.

  5. Have contact dialogues with vendors. Challenge them on workarounds in the event of future cyberattacks and how they will impact service. These dialogues are essential for quickly restoring operations, ensuring security moving forward, and promoting transparency and cooperation among all parties involved. The discussions can also help detect any vulnerabilities in the process that need to be addressed, and allow vendors to demonstrate compliance with cybersecurity best practices.

  6. Contact your insurance broker and ask for further guidance. USI provides a range of services and guidance to help you both prevent and navigate the aftermath of a vendor's cyberattack.

To learn more about mitigating cybercrime losses with insurance and risk management, contact your USI consultant or email us at pcinquries@usi.com.