United Healthcare Discloses The Cost Of Getting Pwned

It costs money to have good defences against cyberattacks. But it costs way more money when you actually get pwned by hackers. United Healthcare, whose Change Healthcare unit got pwned in a massive way a few months ago, has reported its Q2 2024 numbers. And in them was an update on the fact that they got pwned:

Cyberattack Update

The company has restored the majority of the affected Change Healthcare services while continuing to provide financial support to the remaining health care providers in need. To date, the company has provided over $9 billion in advance funding and interest-free loans to support care providers.

Total cyberattack impacts in the second quarter were $0.92 per share. This included $0.64 per share to support direct response efforts such as the Change Healthcare clearinghouse platform restoration and increased medical care expenditures. Additionally, Change Healthcare business disruption impacts, reflecting lost revenue and the costs of maintaining full readiness of the affected Change Healthcare services, were $0.28 per share in the second quarter.

The company currently estimates the total full year 2024 impact at $1.90 to $2.05 per share. Within this, direct response costs are estimated at $1.30 to $1.35, an increase of $0.40 to $0.45 from the initial estimate. The change is due to the company’s care provider financial support initiatives and consumer notification costs. Business disruption impacts are estimated at $0.60 to $0.70 per share.

To say that those are non-trivial numbers is an understatement. John Gunn, CEO of Token, had this comment:

Today’s disclosure of the full cost of the Change Healthcare breach is a screamingly loud wake-up call to every organization to stop being penny-wise and dollar-foolish in not adopting phishing-resistant MFA. A small investment in next-generation MFA would have saved United Healthcare more than $2 billion. This disclosure should also allay the fears of those who fear the recent SCOTUS ruling overturning the Chevron deference will weaken the strength of cybersecurity regulations and lessen companies’ motivation to implement proper cybersecurity measures. The avoidance of massive losses such as this are the greatest motivators of all for CISOs, CEOs, and boards.

So, here’s my advice to any company that thinks it can skimp on cybersecurity. Spend the money. Because if you don’t, you will eventually be the next United Health. And that’s not a good place to be.
