Change Healthcare, owned by UnitedHealth Group, was targeted by cybercriminals, affecting 140 million Americans and costing $1 billion daily. Recovery efforts underscore the critical need for robust cybersecurity measures in healthcare.
CHANGE HEALTHCARE, A subsidiary of UnitedHealth Group, recently experienced a major attack by a cybercrime organization known as ALPHV or BlackCat, which has been implicated in other high-profile attacks.1 Change Healthcare has multiple software products that include electronic health records, patient scheduling, and claims adjudication. Because of its reach across the health care ecosystem, at least 140 million Americans were affected in some way, costing providers up to $1 billion per day.2 It has taken weeks for the systems to slowly return, and I expect the cleanup will continue for several more weeks or months.
This was a ransomware attack in which the terrorists encrypt data and hold it hostage until a ransom is paid. Only then will they release the key to allow access. Health care data are extremely valuable because they are critical to provide the necessary care for each patient. They are also necessary to ensure health care providers are paid for their services, and unlike a credit card that can be easily canceled, health care data last forever.
Patients often express frustration about the fragmentation of their care with separate groups on different platforms. However, imagine if all of us were on the same platform during a cyberattack. An event like this would have shut down the entire system and could have led to serious harm, even deaths. Separate systems help make the environment less fragile.
Although details are limited, the terrorists were able to gain access through human error, which is the most common mechanism. All of us are targets, and we need to approach every email as a potential threat. Unfortunately, the gestalt of many in leadership is to make things more resilient, which can interfere with efficient care. Nassim Taleb, philosopher and author of the book Antifragile, argues that the better approach is to develop systems that get stronger when damaged.3 I don’t have specific recommendations for features of systems, but they would include having simple rules, redundancy, and avoiding things that don’t work, such as passwords.4
The US government needs to be more aggressive in prosecuting these terrorists and protecting its citizens. Imagine if the police fined you when your car was stolen because they felt you did not do enough to protect it. This victim-blaming approach often occurs in cyberattacks.5-7 Health care corporations have a responsibility to their customers to protect their data and to their shareholders to prevent business disruption. The government has a responsibility to protect citizens and corporations from state-sponsored cyberterrorist attacks. Attacks will continue to occur, and we all need to be better prepared and equipped to handle them.
Leslie Busby, MD, is chair of the US Oncology Pharmacy & Therapeutics Committee, and a medical oncologist and hematologist at Rocky Mountain Cancer Centers, Boulder, Colorado.
Ilson Examines Chemoimmunotherapy Regimens for Metastatic Gastroesophageal Cancers
December 20th 2024During a Case-Based Roundtable® event, David H. Ilson, MD, PhD, discussed the outcomes of the CheckMate 649, CheckMate 648, and KEYNOTE-859 trials of chemoimmunotherapy regimens in patients with upper GI cancers.
Read More
Participants Discuss Frontline Immunotherapy Followed by ADC for Metastatic Cervical Cancer
December 19th 2024During a Case-Based Roundtable® event, Ramez N. Eskander, MD, and participants discussed first and second-line therapy decisions for a patient with PD-L1–positive cervical cancer in the frontline metastatic setting.
Read More
Oncologists Discuss a Second-Generation BTK for Relapsed/Refractory CLL
December 18th 2024During a Case-Based Roundtable® event, Daniel A. Ermann, MD, discussed evaluation and treatment for a patient with relapsed chronic lymphocytic leukemia after receiving venetoclax and obinutuzumab.
Read More