Health Care’s Most Recent Cyber Incident Reveals Industry-Wide Vulnerabilities

Change Healthcare was impacted by a “suspected nation-state-associated” cybersecurity incident on February 21 that breached its information technology network. The parent company, UnitedHealth Group, took immediate action to isolate and disconnect affected systems upon detection. Specializing in payment and revenue cycle management, Change Healthcare has experienced system outages impacting pharmacies and health systems across the U.S. A unique challenge to affected customers is the lack of alternatives, further highlighting a critical supply chain dependency for the ‘last mile’ of pharmaceutical distribution.

According to the HIPAA Journal, healthcare data breaches have increased with cyberattacks reaching a record 725 large security breaches in 2023. As the health care sector continues to grapple with the challenge of combating progressively sophisticated cyberattacks, the need for health care leaders to allocate resources toward proactive cybersecurity measures and foster a culture of cybersecurity awareness within organizations has only become more evident.

In numerous instances throughout the industry, cyber threat actors have exploited vulnerabilities that should have been recognized and rectified long before hackers discovered and capitalized on them. Budget constraints, challenges in retaining skilled security professionals and uncertainty about the most effective cyber strategies hinder many health care organizations from consistently implementing basic security measures. An absence of cybersecurity practices has likely played a major role in compromising Change Healthcare’s resilience against cyber threats.

These “quick checks” can help any organization protect itself by detecting, responding and recovering from cyber incidents.

You’ve Got This

• Review attack surface and third-party connections
  • What assets do we have or connect to that could be at risk?
• Incident response plan
  • Put your hands on it and update
  • Make sure contact info is updated for employees, critical vendors/service providers and insurance/outside counsel
  • Print it out and put it in multiple locations (Out-of-band [OoB] cloud storage as well)
  • Weaver has a tool to help you get organized: Incident Response Checklist for Executives
• Double-check backups
  • Immutable (not just versioned but protected from change!)
  • Offline/OutOfBand

Think Through

• What communication can you prepare in advance?
• How do you quickly isolate suspect devices and networks?
• How do you communicate with team members out-of-band? Do you have everyone’s mobile number?
• What should your baseline look like?
  • Ingress AND Egress
    • What should be flowing into the network?
    • What should be flowing out of the network?
  • EDR – Endpoint Detection and Response
    • Do we have the right tools in place? Across all assets?
• Do you have all the logs you need?
  • For the right length of time? (Often times the default retention period needs to be expanded to answer key questions)

Carry On

• Forensics / Incident Response
  • Your primary vendor may not be available
  • Multiple contacts are not bad
  • Know where you are ‘in line’ with your provider and what their queue may look like
• All the basics
  • Multi-Factor Authentication & Principle of Least Privilege (PoLP)
  • Hardened Baseline
  • Patch & Update
  • Network Segmentation
  • Logging & monitoring (SIEM)
  • Vulnerability Scan
  • Security Training

For more information on how our cybersecurity team supports the health care industry, contact us. We are here to help.

©2024