Healthcare Uncertain After Change Healthcare Cyberattack

In the aftermath of the Change Healthcare cyberattack, the healthcare sector is facing unprecedented challenges, dealing with a cyber event organized by the BlackCat/ALPHV threat actor. Change Healthcare openly acknowledges the security breach and emphasizes collaboration with cybersecurity experts, law enforcement, and third-party consultants Mandiant and Palo Alto Networks. The company takes active measures to address the situation, implementing multiple workarounds to ensure the continuity of key services. Change Healthcare also maintains that the systems of Optum, UnitedHealthcare, and UnitedHealth Group remain unaffected by the cyber incident.

The effects continue, causing disruptions for pharmacies nationwide on the sixth day of service. UnitedHealth Group provides updates without specifying a timeline for system restoration, impacting major chains like CVS and Walgreens. Tricare reports disruptions in military pharmacies globally. The American Pharmacists Association urges patients to verify medication availability due to cyber-induced insurance claims transmission issues. The FBI links BlackCat ransomware to the attack, with reports suggesting a connection to vulnerabilities in ConnectWise’s ScreenConnect app. UnitedHealth Group discloses a suspected nation-state cyber threat actor’s intrusion into Change Healthcare’s IT systems. The incident prompts concerns about potential cascading effects on key services and clinical authorizations. The American Hospital Association recommends disconnection from Optum and suggests healthcare organizations prepare contingency plans. Change Healthcare disconnects systems promptly upon detecting the external threat, and the incident is confined to Change Healthcare’s operations. Change Healthcare faces network interruptions due to a cyberattack, prompting immediate disconnection to safeguard partners and patients. The disruption’s expected duration extends at least through the day. Scheurer Family Pharmacy in Michigan experiences temporary prescription processing halts due to the outage. Change Healthcare engages in ongoing efforts to restore impacted systems as the cyber event unfolds.

In response to the healthcare industry’s escalating challenges amid the Change Healthcare cyberattack, ongoing efforts focus on understanding and mitigating the attack’s aftermath. The Health Information Sharing and Analysis Center (Health-ISAC) releases valuable indicators of compromise (IOCs) and insights from cyber intelligence firm RedSense. RedSense suggests the exploitation of ConnectWise’s ScreenConnect vulnerabilities, emphasizing the need for heightened vigilance against cyber threats. Health-ISAC’s bulletin highlights RedSense’s speculation that the cyberattack leveraged vulnerabilities in ConnectWise’s ScreenConnect, disclosed just days before the incident. Despite ConnectWise’s denial of any confirmed link to Change Healthcare, the attack underscores the need for immediate patching and vigilance in the face of evolving cyber threats. On February 26th, the FBI confirms BlackCat’s involvement in the cyberattack, highlighting increased cybersecurity risks for the healthcare sector. The joint advisory from the FBI, CISA, and HHS outlines BlackCat’s persistent threat, emphasizing the need for securing remote access tools, user training, and robust security controls.

Ackowledging prescription processing disruptions and service downtime, the healthcare sector urges organizations to implement recommended mitigations, leverage threat intelligence, and promptly update ScreenConnect software.Maintaining day-to-day operations, improving business continuity plans, and managing financial challenges become necessary for impacted healthcare entities. While Change Healthcare works tirelessly to restore systems, the incident highlights the importance of robust cybersecurity measures, including third-party risk management and resilient business continuity planning. The sector emphasizes vigilance, collaboration, and proactive cybersecurity measures as key measures for strengthening healthcare’s resilience against evolving cyber threats as it confronts these unprecedented challenges.