How the Change Healthcare Cyberattack (and Others Like It) Can Impact Healthcare Companies
MAY 7, 2024
Change Healthcare, owned by UnitedHealth Group, recently experienced a sizable cyberattack, reportedly from the ransomware group known as ALPHV or BlackCat. The attack disconnected over 100 systems, severely impacting the processing of medical claims. This attack has critically affected the cash flow for many healthcare providers across the U.S., leading to staff furloughs and loans to meet payroll. UnitedHealth is also under investigation by the Department of Health and Human Services for its handling of patient data during this attack.
Who does this impact?
Change Healthcare plays a crucial role in the healthcare industry by overseeing the billing procedures and handling claims processes for many healthcare providers, regardless of the patient’s health insurance. Consequently, the hack affecting Change Healthcare hasn't just impacted UnitedHealth clientele, but has also caused extensive disruptions throughout our healthcare system. This ripple effect means that various healthcare industry stakeholders — encompassing hospitals, pharmacies, and other healthcare providers on a national scale — have experienced hindrances in their billing capacities due to this cyberattack.
What steps should you take now?
If the Change Healthcare hack has affected your business, take the following steps:
- Notify your cyber insurer(s) and any other relevant insurance providers, including your business interruption insurance carrier if applicable. Notifying insurers is critical because it can potentially impact your operations, liability, and coverage. Most insurance policies necessitate prompt notification of any incident. Without notification, you may risk coverage denial by the insurer. Therefore, to ensure that the claim is processed smoothly and that policy coverage is effectively utilized in the event of a breach, notifying the insurance carriers promptly is a key step.
- Track expenses and establish accounting codes to assist in this process. Include any expenses attributed to the development of new cost centers. It's important to track expenses after a vendor experiences a cyberattack because these costs will play an integral role in the claim process with the insurance carrier. By meticulously tracking these expenses, you can provide a comprehensive account of the financial impact to the insurance carrier, which is critical for reimbursement under the insurance policy. Additionally, by mapping out these costs, you can also get a better understanding of the financial implications and any gaps in your current cybersecurity protocol, and be better prepared for future incidents.
- Monitor all software patches and alerts, and implement any critical updates with high priority. Patch management is key after a vendor experiences a cyberattack because it aids in keeping track of vulnerabilities and ensuring that your systems are up to date. Staying on top of these updates will help to prevent similar attacks in the future. Updates often include patches for security vulnerabilities that cybercriminals exploit. In addition, alerts can provide timely information about new threats or updates about ongoing ones. Ultimately, this diligence significantly strengthens the company's cyber defenses, potentially preventing future breaches and the associated costs.
- Reset credentials immediately. If possible, seek to reset them utilizing a video conference platform. This prompt action means that if any login specifics were compromised during the vendor attack, they are swiftly rendered useless, which in turn helps thwart any additional breaches. It enhances your organization's security, reduces unauthorized access, and protects against future attacks. Using a video conference platform adds an extra layer of security because it allows for real-time identity verification.
- Open a dialogue with your vendors. Challenge them on their workarounds in the event of future cyberattacks and how those workarounds will impact service. These dialogues are essential for quickly restoring operations, ensuring security moving forward, and promoting transparency and cooperation among all parties involved. The discussions can also help detect any vulnerabilities in the process that need to be addressed, and allow vendors to demonstrate compliance with cybersecurity best practices.
- Contact your insurance broker and ask for further guidance. USI provides a range of services and guidance to help you both prevent and navigate the aftermath of a vendor's cyberattack.
How USI Can Help
USI can help you review your cyber liability policy to assess your unique cyber risks. We evaluate the financial impact of these exposures to estimate potential dollar loss and analyze how your current policy meets these exposures.
Our dedicated Executive & Professional Risk Solutions technical resource team can work closely with you to determine if changes are needed in your policy to meet the potential financial impact of each exposure. We also provide benchmarking analysis to show what other organizations like yours purchase in terms of limit, retention, and at what premium.
Furthermore, we coordinate with your insurance company, approved service providers, and other stakeholders to create a core response team ready to step in when required. This team can include a data breach legal advisor, forensic investigator, public relations and/or crisis management services, notification and call center vendors, and credit monitoring or credit fraud remediation services.
Our role is to assist you as much as you need, ensuring the response process moves fluidly from one step to the next while advocating for maximum reimbursement under your insurance policy. In addition, we constantly update this assessment to include emerging risks, helping you stay prepared for the evolving cyber threat landscape.
Lastly, we advise on network security measures such as managing vendors, assessing their level of insurance, implementing data encryption and strengthening passwords, and planning for potential business interruption losses.
To learn more about mitigating cybercrime losses with insurance and risk management, contact your USI consultant or email us at pcinquries@usi.com.