Question of the Day: Change Healthcare Cyberattack


Q: On February 21, 2024, Change Healthcare, a subsidiary of UnitedHealth Group, experienced a large-scale cyberattack. What was the outcome of the attack and how can organizations prevent similar incidents?

A: The attack began when BlackCat (also known as ALPHV) infiltrated Change Healthcare’s system. From there, the cybercriminal group deployed ransomware that rendered a variety of sensitive data and essential operations across Change Healthcare’s system unavailable. BlackCat then demanded the company make a large payment in exchange for restoration.

In response to the attack, Change Healthcare immediately disconnected more than 111 of its services to prevent further damage and contacted law enforcement. The company’s services remained disconnected for 1 week, leaving doctors and hospitals unable to bill or to manage and issue prescriptions, and preventing patients from making health insurance claims. This downtime may have cost health care providers up to $100 million per day.

On March 1st, Change Healthcare began to show signs of recovery as the company made temporary funding available to health care providers in its system. A few days later, Change Healthcare restored services related to prescription claim submissions and payment operations. The company reinstated the remainder of services the week of March 18th.

As ransomware incidents like the Change Healthcare cyberattack become more frequent and costly, it’s important for organizations to take steps to prevent similar losses. Below are some prevention tips to keep in mind:

  • Protect sensitive data. Select safe locations to store critical information, establish routine data backup protocols and implement access control policies.
  • Utilize effective security software. This includes antivirus software, patch management plans, endpoint detection and response solutions and email authentication technology.
  • Prioritize technical procedures. This may involve setting up RDP safeguards to limit possible attack avenues, segmenting and segregating different networks to stop the spread of attacks, and prioritizing end-of-life software management to reduce attack exposures from outdated technology.
  • Educate employees. Employees should be regularly educated on the latest ransomware threats, detection practices and response methods.
  • Have a plan. Organizations should include ransomware attack scenarios in their cyber incident response plans and periodically evaluate the plans.
  • Approach ransom demands with caution. The FBI generally advises against complying with ransom demands, as there is no guarantee that cybercriminals will follow through on their end of the bargain.
  • Purchase proper coverage. It’s imperative for organizations to secure adequate cyber insurance to maintain financial protection against losses resulting from ransomware attacks. Organizations should consult insurance professionals to discuss specific coverage needs.


Liberty Insurance Agency

As one of the top insurance agencies in Western Pennsylvania, we’re proud to serve more than 7,000 business and personal clients regionally, nationally, and internationally.
