UnitedHealthcare-Owned Change Healthcare’s Ransomware Attack Has Widespread Implications

Viewpoints from Craig Hasday

Updated March 7, 2024

The healthcare industry has become increasingly reliant on digital technologies to streamline processes, improve patient care, and enhance overall efficiency. 

However, with this digital transformation comes the risk of cyber threats and data breaches that can have far-reaching consequences. One such incident that has garnered significant attention is the cyber breach at Change Healthcare, a leading healthcare technology company owned by UnitedHealthcare. Change Healthcare is a key player in the healthcare industry, providing a wide range of services and solutions to healthcare providers, payers, and patients. The company’s systems contain vast amounts of sensitive information, including patient records, financial data, and other confidential information. 

A cyber breach at Change Healthcare has the potential to expose this information to unauthorized parties, leading to serious consequences for both the company and the healthcare system at large. 

The impact of this breach extends beyond individual patients to the healthcare providers and organizations that rely on Change Healthcare’s services. Healthcare providers depend on accurate and secure data to deliver quality care to their patients. A breach of this magnitude disrupts operations, compromises patient care, and damages the reputation of healthcare providers. It also underscores the interconnected nature of the healthcare ecosystem. Healthcare providers, payers, technology vendors, and other stakeholders are all part of a complex network that relies on secure data exchange to deliver efficient and effective care. A breach at one point in this network can have ripple effects throughout the entire system, disrupting operations, compromising patient safety, and eroding trust among stakeholders. 

The healthcare industry has taken a proactive approach to cybersecurity and data protection and this breach underscores its importance. 

Implementing encryption technologies, multi-factor authentication, regular security audits, and employee training programs to enhance awareness of cyber threats, and collaboration with cybersecurity experts, government agencies, and industries is critical. UnitedHealthcare – together with cyber experts and even governmental authorities – is moving quickly to recover, but no doubt the implications of this incident at Change Healthcare will take time to resolve and people will be inconvenienced. At EPIC, our information technology (IT) team is diligently working through the issues as they arise.

The impact of the Change Healthcare cyber hack continues to unfold.

The American Hospital Association has dubbed this the “most significant cyberattack” impacting healthcare. Humana and Elevance Health (Anthem) reported a 15% to 20% reduction in claims over the past few weeks. Workarounds are being developed, but there is no doubt that providers’ cashflows are being pinched. Self-insured employers are feeling a short-term reprieve from claims, but no doubt these will return, and complex discount and repricing arrangements are at an increased risk of calculation error. Cashflow expectations need to be adjusted.

Is your advisor keeping you informed of the latest news on Change Healthcare? If not, you should contact EPIC. We have your back.

EPIC offers this material for general information only. EPIC does not intend this material to be, nor may any person receiving this information construe or rely on this material as, tax or legal advice. The matters addressed in this document and any related discussions or correspondence should be reviewed and discussed with legal counsel prior to acting or relying on these materials.