What Went Wrong in the Change Healthcare Cyberattack?
The recent cyberattack on Change Healthcare is a significant setback in the fight against healthcare cyber threats in the US medical system.
As a leading healthcare technology company, Change Healthcare has been hit by two extortion attacks—one involving a ransomware gang and the other implicating an affiliate who leaked patients' personal information onto the dark web.
This incident amplifies the need for more robust cybersecurity measures to protect sensitive healthcare data. Providers must boost their understanding of cyberattack risks to align business practices with their cybersecurity protocols.
Let's explore the specifics of the recent cyberattack on the healthcare tech firm, including the associated risks. We will also examine vulnerabilities and suggestions to enhance your healthcare cybersecurity.
The Change Healthcare Cyberattack: A Recap

Medical claims processing is a crucial aspect of the US healthcare system as it ensures that providers receive the necessary financial support and that patients can access essential care. However, a cyberattack abruptly disrupted this symbiotic relationship in late February.
Millions of people woke up to the news that their medical records had been compromised due to a massive healthcare cyberattack against Change Healthcare, the country's largest clearinghouse for medical claims. The consequences of this breach were severe, leaving many individuals uncertain about the safety and privacy of their medical information.
Initial Response and Repercussions
The attack compelled Change Healthcare to take decisive action, necessitating the disconnection of numerous systems to contain the breach's spread. Consequently, the company could not process medical claims through its primary platforms, resulting in a ripple effect across the entire healthcare ecosystem.
Pharmacies cannot process insurance claims or provide patients with information about the cost of their prescriptions. Patients without insurance must pay out of pocket for services and medications. Meanwhile, healthcare practices have had to resort to manual processing, resulting in delays in patient care delivery.
This collective impact highlights the crucial importance of implementing strong cybersecurity measures and providing training on healthcare cybersecurity attacks for resilient healthcare infrastructures.
New Common Risks in Cyberattacks
Did you know cybercriminals often target healthcare organizations because they hold confidential data? This data includes sensitive patient health records, insurance details, and payment records that they can use for nefarious purposes such as identity theft, insurance fraud, and sale on the dark web.
Due to its value, healthcare data makes medical institutions attractive targets for cyberattacks. The following sections will explore these common threats in more detail.
Data Breach
In the Change Healthcare breach, the RansomHub affiliate group recently leaked personal patient information onto its dark web leak site. Those files contained various documents, such as billing files, insurance records, and medical information.
Sensitive data exposed online may also have offline impacts. Exposure of patient addresses could increase the risk of identity theft or targeted attacks. Compromised passwords and passcodes could result in unauthorized access to sensitive systems.
Identity Theft
It's essential to be aware that cybercriminals can use stolen personal information, such as patient names, Social Security numbers, and medical histories, for identity theft or fraudulent loan or credit card applications.
In Change Healthcare's case, a group of hackers gained access to a network by using compromised credentials to log into an application that allowed remote access. Unfortunately, that program did not have multifactor authentication (MFA) enabled, which could have provided cybersecurity protection through text message codes or tokens.
Financial Loss
UnitedHealth Group, the parent company of Change Healthcare, has reported that the financial impact of the cyberattack totaled approximately $870 million. Of this amount, the company spent roughly $595 million on restoring the clearinghouse platform and other response efforts.
Both companies face indirect costs, such as legal fees for regulatory compliance, forensic investigations, and potential litigation. Furthermore, regulatory fines and penalties for noncompliance with data protection laws can further increase financial burdens.
Reputational Damage
One of the most significant impacts of a cyberattack is decreased patient trust and confidence. Patients rely on clinics to protect their sensitive information. A successful attack can shake their faith in the organization's ability to respond to cybersecurity threats in healthcare.
In addition to patients, business partners such as insurance providers and referring physicians may also lose confidence in the clinic's cybersecurity measures and vice versa. This outcome can have far-reaching consequences, negatively impacting the clinic's brand image and market reputation.
Negative publicity, social media backlash, and word-of-mouth spread of the incident can tarnish the clinic's credibility. This, in turn, can deter potential patients from seeking care, significantly impacting the clinic's financial stability and long-term success.
Factors Contributing to Vulnerabilities
Identifying the factors that contribute to vulnerabilities is paramount. If left unaddressed, these vulnerabilities can expose organizations to various cyber threats and compromise the integrity of their systems and data.
Crucial factors to consider:
- Weak encryption protocols leave data vulnerable to unauthorized access or interception by cyberattackers, compromising the confidentiality of sensitive information.
- Lack of regular security audits increases the likelihood of undetected weaknesses in systems and processes, providing cyberattackers with opportunities to exploit security gaps.
- Phishing attacks and social engineering tactics target human vulnerabilities, tricking individuals into disclosing sensitive information or unwittingly installing malware.
- Intentional or unintentional insider threats pose significant risks. Employees with access to systems may misuse their privileges, intentionally leak sensitive information, or inadvertently introduce security vulnerabilities.
- Challenges in updating and securing outdated systems create vulnerabilities. Legacy systems may no longer receive security patches or updates, which leaves them susceptible to exploitation by cyberattackers.
Recommendations for Boosting Cybersecurity
As cyber threats evolve, applying robust security measures is essential to safeguarding sensitive data, protecting against financial impacts, and maintaining the trust of customers and stakeholders.
Cybersecurity recommendations:
- Using multifactor authentication adds security by requiring users to provide multiple forms of identification. This protocol reduces the risk of unauthorized access to sensitive data.
- Regular awareness programs educate providers and staff about common cyber threats, empowering them to respond effectively to social engineering tactics and other malicious activities.
- Investing in modern security technologies, such as advanced intrusion detection systems, endpoint protection platforms, and encryption tools, enhances the organization's ability to detect, prevent, and mitigate cyberattacks in real time.
- Phasing out legacy systems reduces the organization's exposure to known vulnerabilities and compatibility issues. This step allows for smoother integration of modern security solutions and minimizes the risk of cyberattack exploitation.
- Information sharing among industry peers enables organizations to learn from each other's experiences and collectively strengthens defenses against common cyber threats.
- Collaboration with cybersecurity experts and authorities provides access to specialized knowledge, resources, and best practices. This partnership enables organizations to address cybersecurity vulnerabilities and stay ahead of emerging threats.
ER Tech Pros: Assess Your Vulnerabilities Now

Recently, Change Healthcare suffered a cyberattack that resulted in significant disruptions. This attack affected clinical and pharmacy operations, leading to patient care delays and increased out-of-pocket expenses for patients. Identifying potential risks, resolving vulnerabilities, and implementing recommended cybersecurity steps are crucial to prevent such incidents from happening again.
ER Tech Pros is a reliable partner that offers cybersecurity services customized to protect your clinic against ransomware and other cyber threats. We provide comprehensive solutions that ensure top-of-the-line protection for every aspect of your IT infrastructure:
- Endpoint Security
- Network Security
- Email Security
- Cybersecurity Training
- Simulated Phishing Campaigns
Don't leave your clinic's cybersecurity to chance. Contact one of our experts today to schedule a FREE cybersecurity assessment or to learn more about our services.