A cyberattack on prescription processor Change Healthcare is set to cause continued issues for pharmacies and healthcare clinics, as systems remain down almost one full week after the hack was initially detected. The affected systems include claims management, payment services, appointment scheduling, billing and data exchanges, and others. The incident has had a massive effect on pharmacy operations across the US, with Optum providing services to more than 67,000 pharmacies and health care services for over 131 million customers.
Cyberattacks on healthcare organizations like Change Healthcare can have profound consequences. They can lead to the theft of personal and medical information, disrupt healthcare services, and erode trust between patients and healthcare providers. Furthermore, the recovery from such attacks can be costly and time-consuming, involving extensive investigations, strengthening of cybersecurity measures, and efforts to mitigate the damage to affected individuals.
In response to cyberattacks, healthcare companies often have to enhance their digital security infrastructure, implement stricter access controls, and provide training to staff on cybersecurity best practices. They may also work with law enforcement and cybersecurity experts to address the breach’s immediate impacts and prevent future incidents.
The Change Healthcare cyberattack underscores the critical importance of robust cybersecurity measures in the healthcare industry, highlighting the need for ongoing vigilance, investment in security technologies, and adherence to best practices to protect against the ever-evolving threat of cybercrime.
“Healthcare organizations are doing very little to keep their patient data safe and even less to keep their employee data safe. There are almost daily reports of data breaches and malware in healthcare. The most recent slew of reports weren’t even illegal hacks, but cases where hospital marketing teams added code to their websites that directly shared patient information with companies like Facebook and Instagram,” explains DoorSpace CEO Sarah M. Worthy.
Hospitals even demand clinicians share data to overseas contractors, which often leads to this information being potentially accessible and at risk.
“I believe the problems with a lack of patient data protections are a larger problem than employee data, but I regularly come across situations where hospitals demand clinicians share their login and passwords to personal accounts and they give all of their personnel data over to overseas contractors – often just putting all of this information into a cloud storage system that is accessible to anyone able to find the link. Fortunately, we don’t hear a lot about physicians having their professional identities stolen – but these hospitals make it very easy for anyone with decent technical skills to find everything they’d need to impersonate a clinician for a job, credit application or even to fill prescriptions using that physician’s DEA license,” says Worthy.
Patient and employee data is something that should be a priority for healthcare organizations, but the system is more fragile than people may believe.
“The vast majority of systems in hospitals today have virtually no real protections for employee data. I think DoorSpace is truly unique in this space because data security and data access are core to our decision making process in how we build out our platform. It’s critical that everything in our system is encrypted and that clinicians have control over how this data is used and are informed of who is able to access and see their professional data,” Worthy states.
The cyberattack on Change Healthcare serves as a stark warning of the vulnerabilities present within the healthcare sector’s digital infrastructure, underscoring a critical need for robust cybersecurity measures. With the attack causing widespread disruption to pharmacy and healthcare operations, affecting the management of claims, payments, and sensitive data exchanges, the incident not only highlights the immediate impacts on service delivery but also the broader implications for patient and employee data security. As healthcare organizations navigate the aftermath of such breaches, the insights from DoorSpace CEO Sarah M. Worthy shed light on the often-overlooked aspects of data protection, particularly concerning employee information and the risks associated with inadequate safeguards. This incident, along with the broader concerns raised, calls for a reassessment of cybersecurity practices within the healthcare industry, emphasizing the need for encryption, controlled data access, and a proactive stance on data security to protect against the multifaceted threats of the digital age. The path forward must integrate stringent cybersecurity protocols with a commitment to safeguarding the personal and professional information of all individuals within the healthcare ecosystem.
