CNN is reporting that a week after a cyberattack disrupted insurance processing at pharmacies across the US and health care professionals in the US have stated the hack continues to upend their businesses and cost them money:
Carter Groome, chief executive of Health First Advisory, a cybersecurity firm whose clients include big health care organizations, estimated that some health care providers are losing more than $100 million per day because of the outage.
“That’s just not sustainable in an industry with not a lot of cash on hand,” Groome told CNN.
“This is our Colonial Pipeline,” he said, referring to a 2021 ransomware on one of America’s biggest pipelines that disrupted fuel shipments for days and cemented ransomware as a national security concern in the minds of senior US officials.
In the wake of the hack, Elevance Health, which owns Anthem Blue Cross and Blue Shield and insures millions of Americans, has severed network connections to Change Healthcare “out of an abundance of caution,” Elevance spokesperson Leslie Porras told CNN in an email.
“The ability for our members to access medical care, services or fill their prescriptions remains unaffected,” Porras said.
As of Wednesday morning, Change Health Care said the company’s affected network was still offline. Tyler Mason, a company spokesperson, said that insurance claims submissions have returned to “pre-disruption levels” because health care providers are using “alternative clearing houses” to submit claims.
Mason said that doctors and patients can use these workarounds to address the problems described by Parikh and Disney.
“Since identifying the cyber incident, we have worked closely with customers and clients to ensure people have access to the medications and the care they need,” Mason said in an email. “As we remediate, the most impacted partners are those who have disconnected from our systems and/or have not chosen to execute workarounds.”
This is bad. I will comment as to why in a moment. But right now, I’ll let Melvin Lammerts, Lead Hacker, Hadrian comment on this:
“The Change Healthcare attack underscores the healthcare sector’s vulnerability to damaging cyberattacks. This incident caused significant disruptions in patient care, financial losses for providers, and potential harm to patients and their families.It highlights systemic weaknesses in healthcare cybersecurity and the pressing need for healthcare organizations to prioritize robust security measures. This includes thorough risk assessments, comprehensive incident response plans, strong network protection, and reliable backup systems.Furthermore, the attack emphasizes the importance of collaboration between healthcare providers and government agencies. This partnership is essential to build more resilient defenses against evolving cyber threats and mitigate their severe impact on patient care.”
This is still another example of how healthcare organizations are low hanging fruit for threat actors. The fact that I am writing about this so often in the last few days illustrates that. Change to make healthcare less of a target needs to happen now.
UPDATE: BullWall Executive, Carol Volk had this to say:
“Ransomware attacks in the healthcare sector endanger patient lives by disrupting critical services and their supply chain. Strong cybersecurity practices are essential to protect patient safety, as well as privacy and to ensure continuity of care. Providers throughout the entire healthcare chain must prioritize cybersecurity by conducting thorough risk assessments and implementing effective response strategies to remove this important target from attacker’s sights. First class defense tools, including ransomware containment systems are readily available and must be a priority or we’ll continue to see attacks escalate.”
Mark B. Cooper, President & Founder, PKI Solutions adds this comment:
“The lingering effect and the extent of those impacted by Change’s cyber-attack exemplifies the prolific challenges the healthcare industry faces in safeguarding its Critical Infrastructure Protection (CIP) environments.
“It highlights the need for mindset shift from reactive to proactive measures that prevent vulnerabilities from becoming a problem. It requires real-time, attentive monitoring to quickly identify misconfigurations and alert the appropriate security resources for prompt remediation. Without such measures, the healthcare industry will continue to be targets with debilitating outcomes where the impact isn’t triggering simply an 8-K or an assembly line disruption, it’s a peoples’ health and their quality of life.
Emily Phelps, VP, Cyware had this comment:
“This event highlights the vulnerability of healthcare organizations to cyber threats and the cascading effects such disruptions can have on patient care and revenue streams. It emphasizes the urgent need for healthcare organizations to invest in cybersecurity efforts that enable proactive defense.
“By leveraging Health ISACs, for example, and integrating and operationalizing threat intelligence, even organizations with limited security resources can better anticipate and mitigate the impact of such attacks. This approach not only protects sensitive data but also ensures that healthcare services remain uninterrupted, thereby safeguarding patient well-being. In response, the healthcare sector must prioritize investments in cybersecurity infrastructure and training to build resilience against future cyber threats.”
Like this:
Like Loading...
Related
This entry was posted on February 29, 2024 at 3:14 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Cyberattack on insurance company Change Healthcare disrupting business for doctors, therapists
CNN is reporting that a week after a cyberattack disrupted insurance processing at pharmacies across the US and health care professionals in the US have stated the hack continues to upend their businesses and cost them money:
Carter Groome, chief executive of Health First Advisory, a cybersecurity firm whose clients include big health care organizations, estimated that some health care providers are losing more than $100 million per day because of the outage.
“That’s just not sustainable in an industry with not a lot of cash on hand,” Groome told CNN.
“This is our Colonial Pipeline,” he said, referring to a 2021 ransomware on one of America’s biggest pipelines that disrupted fuel shipments for days and cemented ransomware as a national security concern in the minds of senior US officials.
In the wake of the hack, Elevance Health, which owns Anthem Blue Cross and Blue Shield and insures millions of Americans, has severed network connections to Change Healthcare “out of an abundance of caution,” Elevance spokesperson Leslie Porras told CNN in an email.
“The ability for our members to access medical care, services or fill their prescriptions remains unaffected,” Porras said.
As of Wednesday morning, Change Health Care said the company’s affected network was still offline. Tyler Mason, a company spokesperson, said that insurance claims submissions have returned to “pre-disruption levels” because health care providers are using “alternative clearing houses” to submit claims.
Mason said that doctors and patients can use these workarounds to address the problems described by Parikh and Disney.
“Since identifying the cyber incident, we have worked closely with customers and clients to ensure people have access to the medications and the care they need,” Mason said in an email. “As we remediate, the most impacted partners are those who have disconnected from our systems and/or have not chosen to execute workarounds.”
This is bad. I will comment as to why in a moment. But right now, I’ll let Melvin Lammerts, Lead Hacker, Hadrian comment on this:
“The Change Healthcare attack underscores the healthcare sector’s vulnerability to damaging cyberattacks. This incident caused significant disruptions in patient care, financial losses for providers, and potential harm to patients and their families.It highlights systemic weaknesses in healthcare cybersecurity and the pressing need for healthcare organizations to prioritize robust security measures. This includes thorough risk assessments, comprehensive incident response plans, strong network protection, and reliable backup systems.Furthermore, the attack emphasizes the importance of collaboration between healthcare providers and government agencies. This partnership is essential to build more resilient defenses against evolving cyber threats and mitigate their severe impact on patient care.”
This is still another example of how healthcare organizations are low hanging fruit for threat actors. The fact that I am writing about this so often in the last few days illustrates that. Change to make healthcare less of a target needs to happen now.
UPDATE: BullWall Executive, Carol Volk had this to say:
“Ransomware attacks in the healthcare sector endanger patient lives by disrupting critical services and their supply chain. Strong cybersecurity practices are essential to protect patient safety, as well as privacy and to ensure continuity of care. Providers throughout the entire healthcare chain must prioritize cybersecurity by conducting thorough risk assessments and implementing effective response strategies to remove this important target from attacker’s sights. First class defense tools, including ransomware containment systems are readily available and must be a priority or we’ll continue to see attacks escalate.”
Mark B. Cooper, President & Founder, PKI Solutions adds this comment:
“The lingering effect and the extent of those impacted by Change’s cyber-attack exemplifies the prolific challenges the healthcare industry faces in safeguarding its Critical Infrastructure Protection (CIP) environments.
“It highlights the need for mindset shift from reactive to proactive measures that prevent vulnerabilities from becoming a problem. It requires real-time, attentive monitoring to quickly identify misconfigurations and alert the appropriate security resources for prompt remediation. Without such measures, the healthcare industry will continue to be targets with debilitating outcomes where the impact isn’t triggering simply an 8-K or an assembly line disruption, it’s a peoples’ health and their quality of life.
Emily Phelps, VP, Cyware had this comment:
“This event highlights the vulnerability of healthcare organizations to cyber threats and the cascading effects such disruptions can have on patient care and revenue streams. It emphasizes the urgent need for healthcare organizations to invest in cybersecurity efforts that enable proactive defense.
“By leveraging Health ISACs, for example, and integrating and operationalizing threat intelligence, even organizations with limited security resources can better anticipate and mitigate the impact of such attacks. This approach not only protects sensitive data but also ensures that healthcare services remain uninterrupted, thereby safeguarding patient well-being. In response, the healthcare sector must prioritize investments in cybersecurity infrastructure and training to build resilience against future cyber threats.”
Share this:
Like this:
Related
This entry was posted on February 29, 2024 at 3:14 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.