US HealthTech Giant Change Healthcare Hit by Cyberattack

Change Healthcare has confirmed the development in a brief statement, saying, "experiencing a network interruption related to a cyber security issue."

USA’s healthtech giant, Change Healthcare has experienced a major cyberattack by hackers.

This attack led to the disruption of the healthcare giant’s services. In response, Change Healthcare disconnected its systems to prevent further impact and protect partners and patients. The disruption is expected to last at least through the day.

Change Healthcare has confirmed the development in a brief statement, saying, "experiencing a network interruption related to a cyber security issue."

What Happened?

On February 21st, 2024, hackers targeted Change Healthcare's computer systems, disrupting several services such as prescription processing and payments.

However, reports are yet to come on if patients’ data have been breached. Reports from the organisaion state that it is working to fix the situation and restore normalcy to its services.

This attack highlights the importance of cybersecurity in healthcare, where patient data is sensitive.

Digging into Details

Change Healthcare officially confirmed the cyberattack, acknowledging a network interruption linked to a cybersecurity issue.

Talking about it, the company said, "Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact. The disruption is expected to last at least through the day."

Initially, most of Change Healthcare's login pages were inaccessible at the time of reporting. Further, local pharmacies, including those in Michigan, reported outages attributable to the cyberattack, with healthcare providers such as Scheurer Health citing challenges in processing prescriptions through insurance due to the nationwide outage caused by Change Healthcare's predicament.

Ongoing Development

Per reports, most login pages for Change Healthcare remain inaccessible as the attack continues into a second day. While the healthcare company is still working to address the issue and restore normalcy.

Owned by UnitedHealth Group’s Optum in 2022, Change Healthcare is one of the largest healthcare technology companies in the US.

UnitedHealth Group completed its merger of U.S. healthcare services giant Optum and Change Healthcare in a $7.8 billion deal. Optum provides technology and data to insurance companies and healthcare services. Both Optum and Change Healthcare are owned by health insurance giant UnitedHealth Group which allowed Optum broad access to the patient records of tens of millions of Americans.

Change Healthcare handles patient payments across the US healthcare system. The tech giant boasts on its website that it handles 15 billion healthcare transactions annually and that one in three US patient records are "touched by our clinical connectivity solutions."

Cyber Security Threat Grappling Healthcare

In December, Corewell Health, a health system in USA’s Michigan reported its second cybersecurity breach this year, impacting more than one million patients. This is the second time in a year that Corewell Health patients had their medical information exposed in a data breach.

This incident is the latest in a series of cyberware attacks and data breaches affecting health systems across the U.S. Other recent breaches include those at Integris Health in Oklahoma, Capital Health in New Jersey, and hospitals run by Ardent Health Services. These breaches highlight the growing concern over cybersecurity in the healthcare sector.

In a recently held DHN Forum Bengaluru, Romanus Prabhu, director of Product Support at ManageEngine, a division of Zoho Corp noted that "3 in 1 Americans are affected due to data breaches." He also cited IBM's report that the average cost of a data breach surged to $11 billion in 2023, a 53% increase from 2020.

Cybersecurity is increasingly becoming a pressing issue in India as well. With prominent healthcare institutions such as AIIMS New Delhi and ICMR being targeted by cyber threats on multiple occasions, it underscores the urgent need for healthcare organizations worldwide to implement rigorous security protocols to protect patient data and ensure their safety.