Prescription drug orders in the United States have encountered disruptions for almost a week, affecting numerous pharmacies and shedding light on the vulnerability of healthcare data in the wake of a significant cyberattack on Change Healthcare, a division of UnitedHealth Group, the largest health insurer in the US.
The cybersecurity breach, discovered last Wednesday, led UnitedHealth Group to sever connections between Change Healthcare's extensive digital network and its clients. The company still needs to fully restore all affected services, which affect nearly one in three US patient records and roughly 15 billion transactions yearly, as Health Day reported.
(Photo : Joe Raedle/Getty Images) Rosemary Petty, a Publix Supermarket pharmacy technician, counts out a prescription of antibiotic pills August 7, 2007 in Miami, Florida.
Serious Consequences of Cyberattack on Patients
Change Healthcare plays a crucial role in assisting pharmacies in verifying patients' insurance coverage for prescriptions. Reports indicate that some individuals have resorted to paying for medications in cash due to the disruption.
UnitedHealth took immediate action upon discovering the breach, shutting down various services, including tools that allow pharmacies to check a patient's medication costs swiftly. While major drugstore chains like Walgreens report limited effects, smaller pharmacies, including those operated by Dared Price in Kansas, contend with inconsistent service provision.
Price expressed, "For the last week, it has been hit or miss about whether we can take care of patients," highlighting the challenges faced by patients unable to confirm insurance status for more expensive treatments.
Tricare, responsible for US military healthcare coverage, disclosed that its pharmacies are now manually filling prescriptions due to the cyberattack, causing delays in dispensing critical medications.
Change Healthcare issued a statement addressing the ongoing disruption, underscoring its proactive approach to restoring the impacted environment. The company acknowledged the expected duration of the disruption, committing to providing updates as more information becomes available.
Increasing Cyberattacks on the Healthcare Sector
Industry experts point out that UnitedHealth, with its extensive footprint in various healthcare sectors, presents an attractive target for hackers. Fred Langston, Chief Product Officer for Critical Insight, noted that if cybercriminals intend to steal records, "you want to go after the biggest pot of records you can get-you're literally hitting the jackpot."
Research by Omdia, a technology research provider, highlighted that the healthcare sector globally faced the highest number of cyber security breaches between January and September of the previous year. Out of the disclosed breaches, the healthcare industry experienced 241 attacks, surpassing other sectors such as government (147) and information technology (91), covering software, hardware, and IT services, per The Financial Times.
The primary types of cyber breaches in healthcare include hacking, supply chain attacks, phishing, and ransomware, where hackers use malicious software (malware) to encrypt data until a ransom is paid to unlock it. Cybersecurity expert James Lewis from the Center for Strategic and International Studies emphasized the healthcare sector's attractiveness to cybercriminals due to the potential risk to lives.
Earlier this month, TechTimes reported that at least 18 hospitals in Romania fell victim to a massive ransomware attack, crippling the Hipocrate Information System (HIS), responsible for managing medical activities and patient data. HIS production servers were attacked on Feb. 11-12, encrypting critical files and databases and leading the Romanian Ministry of Health to summon IT and cybersecurity experts to investigate.