What the UnitedHealth cyberattack teaches us about cybersecurity

Do employers really know how? Keep your data safe teeth? Change Healthcare, UnitedHealth's payment processing company, found itself in a difficult situation. has been hacked Last month, the results were surprising.

According to its website, Change Healthcare is responsible for 14 billion clinical, financial and operational transactions each year, processing an estimated 50% of them. medical billing On a lighter note, the Change Healthcare cyberattack on February 21st compromised US healthcare provider and patient data, and the US government is now wondering how much data was compromised and how much data the company has begun an investigation to determine whether it is HIPPA compliant. (Health Insurance Portability and Accountability Act) to protect patient information.

“Ransomware attacks like the one against Change Healthcare aim to cripple an organization by using encryption to disable critical systems,” said anti-malware software company Malwarebytes Cyber. said security expert Mark Stockley. “The attacks are carried out by criminal hackers who infiltrate vulnerable organizations, probe networks, steal valuable data, and covertly distribute ransomware to as many computers as possible.”

read more: Alabama renews IVF ruling. What can employers learn from it?

UnitedHealth providers are struggling to get reimbursed for services, and patients are struggling to get their medications as health care companies seek to restore access to medical billing and electronic payments. ing. This means hospitals and pharmacies are forced to wait and incur untold financial burdens. The U.S. Department of Health and Human Services is asking insurance companies to waive certain authorizations and accept physical claims from doctors and hospitals, a process that could take months.

UnitedHealth says these services are expected to be up and running later this month, but they cannot fix the breach itself. The American Hospital Association considers the attack to be the most “severe” incident of its kind in the history of the U.S. health care system.

read more: Ed Rigonde talks about the “why'' that guided his career in welfare benefits

Stockley emphasized that cyberattacks are only becoming more common, with the Office for Civil Rights seeing a 256% increase in large-scale breaches over the past five years. He advises employers to consider whether they are prepared to prevent and detect intrusions.

“Block common forms of intrusion. Develop a plan to rapidly patch vulnerabilities in internet-connected systems,” Stockely says. “Use endpoint security software to prevent exploits and malware used to deliver ransomware. Segmenting your network and carefully assigning access rights can help prevent intruders from operating within your organization.” It makes it difficult to do that.”

read more: Will your disability insurance cover long-term COVID-19? What’s at risk for employers and employees?

He also suggests that companies create offsite, offline backups of office technology to ensure continued access to critical business functions in the event of a breach. Stockley notes that it is common for hackers to hold data hostage unless they are handed a large amount of money, then return access or delete the stolen data.

Time will tell if UnitedHealth can fully restore services, but in the meantime, providers and patients are feeling the impact. This is a strong reminder that employers should take action to protect themselves.

“Last year, ransomware criminal organizations were paid more than $1 billion in ransoms,” Stockley said. ”[These attacks] This will only make matters worse as it is very lucrative and the gangs behind the attacks are very difficult to stop. ”