The unprecedented cyberattack on Change Healthcare[1], a major revenue cycle management firm, has thrown the US healthcare system into a financial mess. With payment systems crippled, hospitals are demanding federal intervention to avert an economic crisis that could imperil care delivery. Change Healthcare is a revenue and payment cycle management provider that connects payers, providers, and patients within the U.S. healthcare system. The name also refers to a company founded in 2007 that became part of the current conglomerate.[2]
The American Hospital Association (AHA) has pressured Congress and the White House to take extraordinary measures supporting providers impacted by the ongoing disruptions at the UnitedHealth Group subsidiary. In a letter to leaders like Senate Majority Leader Chuck Schumer, the AHA warned the 13-day incident "demands a whole of government response."
"This attack has already imposed significant consequences on patients and the hospitals, health systems, and other providers who care for them," wrote AHA President Rick Pollack. He cited patients struggling to get care, billions in halted cash flows threatening provider viability, and skyrocketing administrative costs from laborious manual workarounds.
The AHA criticized UnitedHealth's temporary funding assistance program as "not even a band-aid (ha!) on the payment problems" and called for bold federal actions like expediting Medicare advance payments and compelling more support from the healthcare giant. The crisis has cybersecurity experts debating the merits of potential government intervention. "Federal agencies can play a pivotal role... offering support to the affected entities in a number of ways both in the short term and long term," said Darren Guccione, CEO of Keeper Security, outlining roles for the FBI, CISA, and NIST.
See: https://redskyalliance.org/xindustry/cyber-attacks-on-hospitals
Critical Start's Chad Graham cautioned that such intervention could create "a moral hazard, reducing the incentive for healthcare institutions to invest in robust cybersecurity measures." Yet he acknowledged it may be needed to "prevent potentially catastrophic disruptions in patient care."
Menlo Security's Ngoc Bui alleged the attack is linked to the prolific BlackCat ransomware gang, speculating they pulled an "exit scam" after getting paid to avoid law enforcement. As hospitals plead for a financial lifeline, experts agree the situation underscores the cyber vulnerability of healthcare's critical infrastructure and the need for a holistic strategy balancing immediate incident response and long-term resilience.
Jim McKee, CEO of Red Sky Alliance Corp., stated, “Hackers cannot be taught that a third party will pay all of their demands to solve the ransomware problem. This will only increase the number and price tags of never-ending cyberattacks. Organizations need to prioritize their budgets to defend against these attacks in the first place.”
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www. redskyalliance. org/
- Website: https://www. redskyalliance. com/
- LinkedIn: https://www. LinkedIn. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.changehealthcare.com
[2] https://www.secureworld.io/industry-news/hospitals-seek-federal-help-ransomware/
Comments