It's been almost a year since reports began that Health Change Healthcare, a large clearing house, had been experiencing a critical cyberattack.
The company processes bills from hundreds of thousands of doctors, pharmacies and other stores, and traffics around 15 billion transactions each year, but is inherently debilitated after being hit by black cat ransomware.
After weeks and months, the scale and extent of the violation became clear, and the fallout continues and is unable to pay national bills for all shapes and sizes.
It was also revealed in a testimony from the UnitedHealth Group before Congress that Hackers have access to Change's network because they do not have simple security tools such as multifactor authentication.
By the end of 2024, the attack was easily the biggest healthcare data breaches of the year, and at least as far as ever, has always been easier. Even recently over the past month, the number of affected individuals has been revised upward, affecting approximately 190 million people, according to a January report.
What lessons have we learned in 12 months since that widespread cybersecurity event?
We recently saw their thoughts from executives from several vendors in companies in every corner of the industry, about their experiences and what positives emerged from the violations felt throughout healthcare. I asked about it.
“This case reminded me of the unresolved vulnerabilities involving vendors, third parties and partners. It's been a long discussion, but hardly discussed, but very little uncontroversial.”
“The violation was a serious setback, but it became sensitive to systematic issues, spurring postponed legislative advances among healthcare cybersecurity leaders and pushing for innovation,” he said. . “The challenges remain, but this violation sets a stage of imminent change as it moved into 2025.”
To these lessons, Jonathan Shoemaker, CEO of Healthcare, which develops AI-powered patient throughput tools, added: “It also reminds us of the importance of working with high quality best practices to measure and monitor risks that ultimately help to effectively protect our systems, data and client patients.”
The weeks of downtime highlighted the need to provide healthcare information where and when needed, and provided lessons on the need for iron-covered security.
“Data is invaluable, so you have to be diligent in protecting the data you store and send,” said Kim Perry, chief growth officer at Emtelligent, an AI-enabled analytics company. “This is especially important as we aim to increase data liquidity to meet the requirements of Hitech, HT-1 and other health data and interoperability standards.”
The incident “emphasized the vulnerabilities inherent in central healthcare platforms where sensitive data concentrations could become a major target for cybercriminals,” according to the Chief Clinical Responsibility of value-based care company Equality Health. said Dr. Michael Poku.
“To mitigate these risks, we must invest in advanced security measures, including quantum security technologies, to protect our systems,” he added. “Enhanced endpoint detection and response capabilities are also important. Additionally, a robust employee education program is essential to prevent phishing and other cyber threats.”
A year after the Healthcare Breach change, “we have a deeper understanding of the key needs of stronger collaboration across industries,” says Jett Reidy, Chief Products and Technology Director at InableComp, a Revenue Cycle Management company. He said Masu.
“Payers, providers, clearinghouses, EHRs and revenue cycle companies need to establish redundancy and create multiple layers of protection to protect and respond to the ever-present threat of cyberattacks.” Reidy said. “Sharing insights and resources will help us to enhance our collective defense and protect our healthcare ecosystem more effectively.”
But it starts with the basics, with simple tools like MFA, Chris Carmichael, Vice President of Business Development at R1, says it specializes in revenue cycles and patient experience.
“The healthcare industry is still making great strides in combating increasingly sophisticated cyberattacks,” he said. “Too many organizations prioritize convenience over security and leave them vulnerable.
“Simple but influential measures, such as implementing multifactor authentication, strict employee training, and consistent third-party security testing, can go a long way in securing your system,” he added. “The industry must embrace a proactive cybersecurity culture to protect sensitive data and maintain confidence in the digital age.”
Mike Miliard is the executive editor of Healthcare IT News
Email the writer: mike.miliard@himsmedia.com
Healthcare IT News is a publication by HIMSS.
