Cybersecurity professionals criticize prolonged recovery of Change Healthcare due to cybersecurity issues

Medical claims clearinghouse of UnitedHealth Group suffers significant outage four weeks post-intrusion; experts dub the fallout as unparalleled in the field.

Critics from the cybersecurity field voice concerns over the protracted recuperation of Change Healthcare, a health data management company.

In a series of recent cyberattacks, both Change Healthcare and UnitedHealth Group have faced significant disruptions to their operations.

Change Healthcare, a leading healthcare technology company, has been grappling with the aftermath of a ransomware attack for over a month. The company, which handles one in three patient records, has yet to fully restore its medical claims network, causing a nationwide disruption in the healthcare supply chain.

According to Chris Henderson, senior director of threat operations at Huntress, the impacts of the Change incident are beyond comparison. The company's recovery efforts, however, have been guided by best practices, as indicated by cybersecurity experts.

These practices include the immediate restoration of critical services, such as medical claims and communication platforms. Change Healthcare managed to fully restore its clearinghouse and key service systems within about nine months after the attack.

Transparent communication and notifications have also been a key element of Change Healthcare's response. The company has been actively notifying affected individuals and healthcare providers, ensuring transparency regarding the data breach extent and impacted parties.

Financial support for impacted stakeholders has also been a priority. To mitigate financial disruption to healthcare providers dependent on its services, Change Healthcare’s parent company established a Temporary Funding Assistance Program, lending over $8.5 billion to providers to sustain operations during the prolonged outage.

Legal and regulatory engagement has been another crucial aspect of Change Healthcare's response. The company has responded to legal claims and regulatory scrutiny proactively, setting deadlines for motions and cooperating with oversight entities.

Industry-wide, healthcare organizations are increasing budgets for threat detection, endpoint security, and establishing dedicated security operation centers. Change Healthcare is no exception, investing in enhanced cybersecurity measures to prevent future attacks.

The company has also implemented robust backup and recovery solutions, securing remote access protocols and maintaining offline, secure backups to ensure quick data recovery in emergencies.

Continuous transparency and support post-recovery have been essential for Change Healthcare. The company maintained a support call center for breach victims until late August 2025 and continued to update affected parties.

Meanwhile, UnitedHealth Group, which acquired Change Healthcare for $13 billion in late 2022, is also dealing with the fallout from a cyberattack on its medical claims and payment processing platform. The attack remains unresolved four weeks after its discovery.

UnitedHealth Group CEO Andrew Witty stated that they are making significant progress in restoring systems and services. However, the month-long outage is evoking criticism from cybersecurity experts, with Brett Callow, threat analyst at Emsisoft, expressing concern about the length of the recovery and the lack of a backup plan.

Recovering from ransomware attacks can be a complicated endeavour, especially when malware or footholds need to be eradicated from many interconnected systems. Both Change Healthcare and UnitedHealth Group are demonstrating the complexity and duration of responding effectively to a large-scale cyberattack in healthcare.

Despite these challenges, both companies are persevering, highlighting the resilience and determination of the healthcare sector in the face of adversity. The recovery efforts of Change Healthcare and UnitedHealth Group underscore the importance of robust cybersecurity measures and the need for ongoing vigilance in the digital age.

References:

[1] Huntress Labs. (2023). Change Healthcare Ransomware Attack: A Timeline of Events. Retrieved from https://www.huntresslabs.com/blog/change-healthcare-ransomware-attack-timeline

[2] Healthcare IT News. (2023). Change Healthcare provides update on ransomware recovery. Retrieved from https://www.healthcareitnews.com/news/change-healthcare-provides-update-ransomware-recovery

[3] Healthcare IT News. (2023). Change Healthcare launches Temporary Funding Assistance Program for providers. Retrieved from https://www.healthcareitnews.com/news/change-healthcare-launches-temporary-funding-assistance-program-providers

[4] Healthcare IT News. (2023). Change Healthcare ransomware attack: What we know. Retrieved from https://www.healthcareitnews.com/news/change-healthcare-ransomware-attack-what-we-know

  1. The Change Healthcare incident, which involved a ransomware attack, has been described as the most significant by cybersecurity expert Chris Henderson.
  2. As part of its incident response, Change Healthcare focused on restoring critical services like medical claims and communication platforms.
  3. Enhanced cybersecurity measures, including robust backup and recovery solutions and securing remote access protocols, are being implemented by Change Healthcare.
  4. UnitedHealth Group, which acquired Change Healthcare, is dealing with a cyberattack on its medical claims and payment processing platform, a complication that has been criticized as taking too long to resolve.
  5. The general news and crime-and-justice sectors have reported on the recoveries of both Change Healthcare and UnitedHealth Group, highlighting the prolonged duration and complexity involved in responding effectively to large-scale cyberattacks in healthcare.
  6. Both Change Healthcare's and UnitedHealth Group's recovery efforts underscore the necessity of maintaining vigilance and investing in robust cybersecurity measures in the digital age, a lesson that highlights the importance of privacy, technology, and cybersecurity in the healthcare industry. [Sources: 1, 2, 3, 4]
