Change Healthcare Cyberattack

Hospitals and Pharmacies Impacted After Change Healthcare Cyberattack

Recently, we’ve noticed increased cybersecurity threats and incidents, particularly affecting small and medium-sized businesses and critical services like healthcare. A prime example of such an incident is the Change Healthcare breach on February 21st. The breach significantly impacted the military community, including the VA and hospitals. The breach rendered pharmacies unable to conduct electronic transactions and forced healthcare providers to process prescriptions, prioritizing urgent cases manually.

The breach might be connected to a known software vulnerability, which resulted in the criminal deployment of ransomware. The impact of this breach is widespread, as Change Healthcare is a significant pharmacy provider and payment processing company, affecting not just military communities but also the general public. Individuals and businesses must take preventive measures to secure their data and ensure they are well-prepared for future cyberattacks.

Key Takeaways

• The Change Healthcare breach has a massive impact on military communities and healthcare systems, leading to disruptions in pharmacy transactions.
• The breach might be associated with a software vulnerability that paved the way for criminals to deploy ransomware.
• Individuals and businesses must adopt preventive measures and disaster recovery plans to safeguard against cyber threats.

Hear From Our
Happy Clients

Read Our Reviews

Host and Guest Introduction

Getting to Know Blake Schwank

Blake Schwank woeks at CCS IT Pros.

Introducing Terry Bradley of Mile High Cyber

Terry Bradley is the president of Mile High Cyber. Their primary focus is on assisting small and medium-sized businesses in managing their cyber security risks and identifying potential issues that could arise. We take pride in keeping a vigilant watch over our clients.

As veterans, Terry and Blake share thoughts on the recent Change Health Care breach on February 21st. This breach has affected the military community and general users who access healthcare services through TRICARE and the Veterans Administration (VA). We want to discuss the potential implications of this breach on the affected parties and provide some recommendations to mitigate the risk.

1. Pharmacies Impacted: Military hospitals, VA facilities, and various civilian pharmacies are having difficulties processing prescriptions electronically due to the Change Health Care breach. The pharmacies have resorted to manually filling prescriptions and prioritizing emergency cases, pain medications, and inpatient cases. Check the status of your prescription and plan to avoid delays.
2. Possible Vulnerability: Although it’s still early, the breach could be related to the ConnectWise ScreenConnect vulnerability announced last week. Attackers might have used this Remote Management tool flaw to gain initial access to Change Health Care’s systems, and once inside, the criminals could have deployed ransomware.
3. Impact on Payment Processing: The breach has affected both prescription and payment processing with insurance companies. Patients with high-cost prescriptions may face hurdles in getting their medications.
4. Potential Data Exfiltration: While there haven’t been any official announcements regarding data exfiltration at this point, it is possible that sensitive patient information could have been stolen and used as leverage in future ransom payment negotiations.

Blake and Terry recommend locking your credit by contacting the credit bureaus (Equifax, TransUnion, etc.) to protect yourself. This small preventive step can help safeguard your personal information from potential misuse.

Surprisingly, a company as large as Change Health Care might not have a well-thought-out disaster recovery plan. All businesses should have a disaster recovery plan and practice and test it regularly to ensure smooth recovery in case of unfortunate events.

Overview of the Change Healthcare Breach

The Change Healthcare breach, which took place on February 21st, has significantly impacted the military community and the general public. As a result, pharmacies in military hospitals and those supported by the system can no longer process electronic transactions. This has led to the manual processing of prescriptions and prioritizing emergency cases and pain medications.

Change Healthcare is one of the largest pharmacy payment processing providers, and this breach has affected not only military personnel but also individuals receiving care through TRICARE and the Veterans Administration (VA). The VA has provided resources on its website for those affected to seek assistance with prescriptions.

The potential cause of the breach may be linked to a vulnerability in the ConnectWise ScreenConnect remote management tool. This vulnerability could have allowed attackers access to the Change Healthcare network and resulted in the deployment of ransomware, encrypting files and systems. While there has been no official statement regarding data exfiltration, those behind the attack have likely taken sensitive patient information.

As we wait for more information on the potential repercussions of this breach, it is essential to take precautions to protect personal information. We recommend locking your credit with the major credit bureaus to prevent unauthorized access to your credit history. Furthermore, it’s crucial for companies affected by such breaches to have a robust disaster recovery plan in place and to practice its execution regularly.

Impact on Military Communities

As discussed earlier, the Change Health Care breach on February 21st has dramatically impacted the general public and military communities. With numerous military installations and hospitals in Colorado Springs alone, the breach is causing issues for many service members and their families.

One of the significant consequences of this breach is that pharmacies at military hospitals cannot process electronic transactions at the moment. They have to rely on manual methods for filling prescriptions, which can result in delays, especially for those with non-emergency prescriptions.

At the time of the breach, the VA website had a notice explaining that if you were being served by a medical facility contracted by the VA, you could go to the VA, and they would help you fulfill your prescriptions. However, due to the manual processing, priority is given to emergency cases, and those with standard prescriptions are advised to stay away for now.

Another issue brought about by this breach is the inability to payment to insurance companies. Some people are forced to spend hours on the phone trying to sort out their prescription payments, especially if they have high-cost medications. In addition, the breach’s duration may create a backlog and may last longer, so people should plan and refill their prescriptions sooner than usual.

We also want to emphasize the importance of protecting your credit if your personal information was compromised during this breach. Freeze your credit at significant credit bureaus like Equifax and Transunion. This additional layer of security can help prevent unauthorized access to your credit.

As for the breach itself, it’s worth noting that there could be fines and penalties for the responsible party for not updating systems promptly or having proper security measures in place.

Pharmacy Challenges Post-Breach

Electronic Transaction Difficulties

Due to the cybersecurity breach, we have experienced challenges processing electronic pharmacy transactions. This affects military installations, hospitals, and patients using other healthcare providers.

Some of the consequences we currently face include:

• Inability to process electronic payments: This affects patients who require expensive medications, as they may struggle to pay out-of-pocket for prescriptions costing thousands of dollars.
• Process delays: Healthcare providers now have to process prescriptions manually, which may cause long waiting times.
• Backlog: As the breach persists, the backlog of prescriptions will continue to grow, increasing delays and potential patient problems.

Patient Consequences

The cybersecurity breach has had significant consequences for our patients. Here are a few effects we’ve noticed:

• Limited service availability: Healthcare providers focus on fulfilling high-priority prescriptions, such as pain and essential medication for inpatient cases. This leaves lower-priority prescriptions with longer waiting times.
• Uncertainty regarding personal data: The breach could leak patients’ private information, such as sensitive medical records and personal identifiers. This may lead to identity theft or fraud if the information is used maliciously.
• Stress and inconvenience: Patients face increased stress and inconvenience due to disrupted processes complicated by the need to secure and monitor their credit.

It’s crucial for everyone affected by this breach to stay informed, take necessary precautions, and plan accordingly. Please check with your healthcare provider and credit bureaus to ensure your information and medications are secure.

Potential Cause of the Breach

While investigations are ongoing, it’s possible that the Change Healthcare breach could be linked to the recently disclosed vulnerability in ConnectWise ScreenConnect – a remote management tool used by IT professionals. If true, this security flaw may have provided attackers with the initial access they needed to infiltrate the system.

Once inside, it’s presumed that the attackers deployed ransomware, encrypting files and computers within Change Healthcare’s network and rendering them unable to process prescriptions or generate revenue. This has had a significant impact on both military hospitals and civilian institutions and is further complicated by the need to manually process insurance claims, which causes significant delays for patients.

Infections like these are becoming increasingly common, and it should be anticipated that attackers have exfiltrated sensitive data during the breach. They often use this data as leverage, forcing organizations to pay a ransom or face the consequences of sensitive information being exposed. We would be remiss not to expect fines and penalties for companies that do not maintain adequate security measures.

Both individuals and businesses must take preventive measures, such as locking one’s credit with major credit bureaus and maintaining up-to-date disaster recovery plans. Additionally, these plans should be practiced and tested, as unforeseen issues can arise during an actual disaster event.

Ransomware Attack and Its Implications

The recent ransomware attack on Change Health Care has direct and indirect consequences for various institutions, including military installations, Veterans Administration facilities, and average citizens. This section will explore some of the critical implications of this cyber incident.

The attack appears to have been initiated through a vulnerability in a widely-used Remote Management tool, ConnectWise Screen Connect, which enabled the attackers to infiltrate the system and deploy ransomware. Consequently, Change Health Care’s functions, including electronic prescription and payment processing, have been severely disrupted.

As a result, pharmacies cannot perform electronic transactions, affecting military installations and civilian hospitals, among other establishments. The impacts have been felt throughout the healthcare supply chain, with some medical facilities resorting to manual prescription-filling processes for their most critical cases.

The current attack has also given rise to problems with payment processing for expensive prescriptions. Patients have been facing hardships in processing their insurance claims, leading to delays and financial challenges.

While it is still uncertain whether the attacker exfiltrated any patient data, it is common practice among cybercriminals to use stolen data as a bargaining chip. Consequently, there may be potential fines and penalties that Change Health Care could face for not protecting their systems effectively.

In light of this incident, individuals must consider protecting their personal information, such as placing a lock on their credit reports. For businesses, it underscores the importance of having a robust disaster recovery plan and conducting regular practices to ensure backup systems are functioning correctly.

Broader Effects on Healthcare Systems

Considering the consequences of major cyber attacks, such as the Change Health Care breach, it’s crucial to acknowledge the extensive impact on healthcare systems. This incident disrupted pharmacy services, causing significant inconvenience for military personnel, veterans, and ordinary citizens relying on timely prescription fulfillment.

When electronic transactions were halted, pharmacies had to resort to manual methods. This hindered efficiency, and priority had to be given to critical cases such as pain medications and inpatient prescriptions. As the situation persisted, some people faced difficulty in processing expensive prescriptions due to issues with insurance companies. Backlogs steadily increased as the problem extended beyond the expected timeline.

The possibility of stolen sensitive data raises additional concerns. Given the increasing prevalence of double or triple ransomware attacks, we expect that unauthorized parties could access personal data, using it for further extortion and leverage. This scenario underscores the importance of ensuring adequate security measures are enforced.

In the wake of such attacks, individuals must proactively safeguard their data. Contacting credit bureaus to lock credit is highly advisable, as it adds an extra layer of protection against identity theft.

Finally, businesses must prioritize and regularly review their disaster recovery plans. While backup strategies are essential, many organizations do not rigorously test these measures in real-world scenarios. Implementing and practicing robust disaster recovery plans ensures businesses can promptly respond to incidents like the Change Health Care breach, minimizing widespread disruption to vital healthcare services.

Advice for Affected Individuals and Military Personnel

Options for Prescription Fulfillment

For those affected by the recent Change Health Care breach, we highly recommend exploring alternative options to fulfill your prescriptions.

For instance, if you are being served by a medical facility contracted by the VA, head to the VA, where they can assist in fulfilling your prescriptions.

Check with your Military Hospital or the VA for support for military personnel. The VA has an 800 number on its website to assist with inquiries.

Remember to plan; if this situation has persisted for seven days, it may continue for another seven or more. Ensure you keep track of your prescription refills and don’t wait until the last moment.

Filing High-Priority Prescriptions Manually

Military personnel, VA-affiliated, and civilian patients should know that pharmacies impacted by the Change Health Care breach are temporarily filing high-priority prescriptions manually. This includes medications for pain relief, emergent cases, and in-patient scenarios. For those with regular prescriptions, it is advisable to postpone your requests to allow the most critical ones to go through.

Expensive prescriptions may not be processed with insurance companies during this period. Prepare to cover the cost of your medications upfront and consider locking your credit as a preemptive measure against identity theft.

We encourage everyone to stay vigilant and proactive in maintaining their health and security during this challenging time.

Data Exfiltration Concerns

Cyber security professionals must address the potential risks associated with data exfiltration following cyber attacks like the recent Change Health Care breach.

Even though there hasn’t been any confirmation regarding stolen patient data, it’s crucial to be prepared for such scenarios.

Through our experience, we have observed the rise of double or even triple ransomware attacks. Culprits might first steal sensitive information and use it as leverage if the targeted organization doesn’t pay the ransom for decryption. If that approach doesn’t work, they may seek other ways to extort the victims.

Given the nature of the healthcare industry, stolen data could include sensitive personal information such as social security numbers, addresses, and medical records.

As a precaution, we recommend locking your credit with the major credit bureaus, such as Equifax, TransUnion, and others, to prevent unauthorized access to your credit.

On our end, we understand the importance of having robust disaster recovery plans to minimize the impact of such breaches.

Regular testing and practice of recovery procedures can help mitigate risks. Additionally, ensuring that backups are correctly configured and functional is essential for restoring data after an attack.

We must always strive to improve security measures and stay updated on the latest vulnerabilities to protect businesses and individuals from the ever-evolving threats in the digital world.

Preventive Measures for Individuals

Keeping your personal information private and secure is crucial in today’s digital world, especially after data breaches. In this section, we discuss two methods that can help safeguard your credit.

Freezing Your Credit

Credit freezing is a preventive measure that restricts access to your credit reports. This makes it more difficult for identity thieves to open new accounts in your name.

You must request a freeze by contacting each of the three major credit bureaus (Equifax, Experian, and TransUnion) to freeze your credit.

While this adds an extra level of protection, it also requires you to temporarily unfreeze your credit whenever you need to apply for a loan, credit card, or other services that require a credit check.

• Pros: Freezing your credit is free and offers great protection against identity theft.
• Cons: You must temporarily lift the freeze each time you apply for new credit.

Locking Your Credit with Bureaus

Another option is to lock your credit with the credit bureaus. This works similarly to a credit freeze but allows you to unlock your credit more quickly, usually through an app or online interface.

While this method is more convenient, it may come with a cost, as the bureaus may charge a fee for their locking services.

• Pros: Locking your credit offers a more convenient way to protect your credit while taking advantage of new credit opportunities.
• Cons: There could be fees associated with locking your credit, which does not guarantee the same level of protection as a credit freeze.

Choosing between credit freezing and locking depends on your needs and preferences. Both options protect against identity theft, but credit freezing offers greater security while locking is often more convenient.

Importance of a Disaster Recovery Plan

Recognizing Potential Weaknesses in Existing Plans

Businesses must identify any possible shortcomings in their current disaster recovery plans.

Whether due to outdated systems, untested plans, or unforeseen factors, any vulnerability can lead to significant consequences, such as the inability to process prescriptions or manage sensitive customer information.

Practicing Recovery Procedures is Essential

For a disaster recovery plan to be truly effective, having a plan on paper is not enough. We must also practice our recovery procedures regularly to ensure that our backups function correctly when needed.

Restoring from backups might seem like a great strategy, but it could fail during an emergency if anything is misconfigured or unreliable.

With the unpredictable nature of cyber threats, companies need robust and well-practiced disaster recovery plans. By identifying potential weaknesses in existing plans and diligently practicing recovery procedures, we can help safeguard our systems, maintain critical operations, and protect sensitive information from malicious actors.

Have Cybersecurity Concerns? Call CCS Today

As cybersecurity experts, we at CCS are dedicated to helping businesses like yours manage and mitigate cybersecurity risks. We have seen firsthand how impactful security breaches can be, significantly, when sensitive data and systems are compromised. Such disruptions can lead to delays in services and potentially devastating financial losses.

One recent example of a cybersecurity breach affecting a large healthcare company prompted pharmacies to resort to manually processing prescriptions. This slowed down services and inconvenienced patients. It also highlighted the importance of having a solid disaster recovery plan in place, as well as practicing and perfecting restoration procedures.

Don’t let your business fall victim to cybersecurity threats. Here are some services we offer to help protect your organization:

• Risk Management: Identifying potential weaknesses and vulnerabilities in your systems.
• Data Protection: Ensuring that sensitive information is secure and backed up.
• System Monitoring: Constant surveillance to detect and prevent any unauthorized access.
• Disaster Recovery Planning: Preparing for potential cybersecurity incidents and planning swift recovery.

In today’s digital world, cyber-attacks are becoming more sophisticated and far-reaching. Don’t leave your business at risk – call CCS today for a comprehensive cybersecurity solution tailored to your needs.