Lessons Learned for the Healthcare Sector: Change Healthcare Cyberattack
Change Healthcare, renowned as one of the largest vendor claim-processing networks globally and handles a staggering volume of patient records and transactions annually, was recently the victim of a large-scale ransomware-driven cyberattack wreaking havoc on the entire Change Healthcare ecosystem. The impact of the cyberattack in February 2024 has caused a major ripple effect throughout the healthcare industry. Consequently, the attack not only compromised sensitive patient data but also disrupted their access to medical services and prescriptions.
The impact extended to the operational core of network providers, halting essential services such as insurance claims, billing, payments, and prescriptions. This disruption severed the revenue pipeline for healthcare providers, compelling them to pursue alternative financial avenues to sustain their operations. The scale and repercussions of the attack are unprecedented, marking it as one of the most severe and disruptive cyberattacks in the healthcare sector’s history. The financial strain persists several weeks after the initial incident, with some providers facing dire circumstances, including the need to secure loans to meet basic financial obligations like payroll.
The severity of the attack prompted governmental intervention, with emergency funding programs initiated to assist affected providers. Additionally, Change Healthcare’s parent, UnitedHealthcare, introduced temporary financial assistance programs to alleviate the impact on providers. Change Healthcare is now the subject of multiple regulatory investigations, including those conducted by the Office of Civil Rights (OCR), for potential HIPAA Security non-compliance due to the lack of cybersecurity controls.
Beyond the financial ramifications, the attack raises significant concerns about patient welfare. In addition to the potential exposure of personal data, patients are encountering obstacles in accessing essential medical services and prescriptions, exacerbating an already complex insurance process.
Even upon system recovery, providers anticipate months of administrative challenges, including sorting patient eligibility and claims backlog.
The incident underscores the growing threat of ransomware attacks on the healthcare industry. With threat actors targeting healthcare organizations due to the lucrative nature of financial and patient data, as well as the inherent vulnerabilities in providing critical healthcare services, there is an urgent need for robust cybersecurity measures and third-party risk management strategies.
In light of this attack, it’s more crucial now than ever that healthcare organizations prioritize cybersecurity investments, including comprehensive risk assessments, vulnerability remediation, and developing comprehensive contingency plans to help mitigate the impact of these critical risk areas. Network security, payment portal access management, robust third-party risk management, and partnering with reliable cybersecurity experts are vital steps in safeguarding against lurking cyber threats.
How Centri Can Help
At Centri, our IT risk and cybersecurity advisory services are designed with your greatest assets in mind — your people. We’re here to offer you the support, resources, and expertise you need, exactly when you need it most.
Our cybersecurity and healthcare advisory experts collaborate with your senior management to:
- Assess cybersecurity threats and vulnerabilities to your organization via a comprehensive risk-based approach.
- Align your internal controls with recognized industry frameworks.
- Provide valuable insight on actionable takeaways & implementation plans.
- Serve as trusted risk advisors, including developing roadmaps to address the cybersecurity challenges that are unique to your organization.
You can’t predict what will happen, but you can protect your business. Contact us to learn how we can set your business up for success.
Managing Director | Healthcare Practice Leader | CPA
Kevin is a Managing Director at Centri Business Consulting and the leader of the firm’s Healthcare Practice. He has more than 25 years of public accounting and consulting experience. View Kevin Dadey's Full Bio
Managing Director | IT Risk & Cybersecurity Practice Leader | CISA
Rich is a Managing Director at Centri Business Consulting and the leader of the firm’s IT Risk & Cybersecurity Practice. He has more than 14 years of combined experience in internal control consulting, IT risk, cybersecurity advisory, and risk-based internal audits and accounting. View Rich Sowalsky's Full Bio
About Centri Business Consulting, LLC
Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, mergers & acquisitions, and tax, CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed timely and accurately.
Centri’s Capital Conference
The Centri Capital Conference is a one-day event held at Nasdaq on April 22, 2025. This platform will connect investors with executives from presenting companies in various emerging and rapid-growth sectors, including disruptive technology, life sciences, healthcare, and more. The conference will feature industry panels, dynamic speakers, and networking opportunities and will give growth-oriented private and public companies a place to showcase their innovations.
For more details, contact us at capitalconference@centristage.wpengine.com.
Eight Penn Center
1628 John F Kennedy Boulevard
Suite 500
Philadelphia, PA 19103
530 Seventh Avenue
Suite 2201
New York, NY 10018
4509 Creedmoor Rd
Suite 206
Raleigh, NC 27612
615 Channelside Drive
Suite 207
Tampa, FL 33602
1175 Peachtree St. NE
Suite 1000
Atlanta, GA 30361
50 Milk St.
18th Floor
Boston, MA 02109
1775 Tysons Blvd
Suite 4131
McLean, VA 22102
One Tabor Center
1200 17th St.
Floor 26
Denver, CO 80202
1-855-CENTRI1
virtual@CentriConsulting.com