If you work in healthcare then you are well informed of the importance of cyber security. IT departments work vigorously to secure the safety of their health systems IT infrastructure. Today, the majority of IT departments utilize different phishing emails to educate and prepare their work force regarding the possibility of a potential security breach.

On Wednesday, February 21, the biggest cyber-attack to-date occurred at Change Healthcare. Change Healthcare is a provider of revenue and cycle management that connects payers, providers, and patients within the U.S. healthcare system. Change Healthcare operates the largest clearinghouse for medical claims in the United States. The company manages nearly 15 billion claims a year and insurance companies such as Cigna and OPTUM Health (to name a few) were affected by this attack.

There is now an ongoing investigation into Change Healthcare, which is a subsidiary of the UnitedHealth Group. This cyberattack alone has crippled healthcare payments and exposed millions of patient data across the United States. Nearly three weeks after the cyberattack, many healthcare payments are still frozen. Because the cyberattack has caused delayed payments, many hospitals and physician practices are struggling to meet payroll and other obligations because their claims and cash flow has diminished.

Healthcare systems are incredibly vulnerable to cyber-attacks because of the large amounts of sensitive data that is stored about their patients. The sensitive data is in high demand on the black market and many hospitals opt to pay the ransoms that the attackers demand. It is speculated that Change Healthcare allegedly payed a $22 million-dollar ransom to retrieve the stolen data. 

The cyber-attack on Change Healthcare, similar to those that have come before in the healthcare sector, serves as a critical reminder of the vulnerabilities and potential consequences regarding cyber-attacks.

It is estimated that the cyber-attack is affecting nearly 74% of patient care throughout the United States with an estimated that the revenue impact is nearly $1 million dollars per day. The U.S. Department of Health and Human Services are working to coordinate efforts to minimize the disruptions of care throughout the health care system; however, due to magnitude of the attack, they have had to face incredible obstacles.

Currently, products will go through a phased reintroduction process, including launch, testing and scaled reconnection. The UnitedHealth group continues to provide valuable updates on their website to inform the public of possible timelines regarding the reintroduction of products and services.

When systems are back up and running at their full potential and restored to their previous operating capability, there will once again be serious talks about the importance of the security of patient data. The healthcare system continues to face cyber security threats and there are always talks about how the healthcare system can do better when there are attacks of this magnitude.

However, history does continue to repeat itself and while the healthcare system learns from some of their mistakes, new mistakes always arise. This attack intensifies questions about how the private companies that comprise the U.S. health system and the government that regulates them are defending against cyber-attacks. There are hundreds of ransom ware attacks a year against health care and public health organizations. 

Regardless of how exactly the cyber-attack was carried out (it is widely speculated that it was a phishing link in an email) the importance of strengthening security across the health system collectively is considerably important to mitigate an attack of this magnitude from occurring again.

How the health system handles this breach in collaboration with the HHS and the U.S. government is just as important as the steps that these joint efforts will comprise to limit another potential, devastating breach in the future.