It has been nearly a year since Change Healthcare, a major clearinghouse in the healthcare industry, fell victim to a significant cyberattack. The attack, carried out by BlackCat ransomware, left the company incapacitated and led to widespread repercussions for healthcare organizations across the country. The breach, which allowed hackers access to Change Healthcare’s network due to the lack of basic security measures like multifactor authentication, was deemed the largest healthcare data breach of the year and possibly of all time.
As we reflect on the lessons learned from this massive cybersecurity incident, industry experts have highlighted the importance of addressing vulnerabilities in vendor relationships and third-party partnerships. Scott Mattila, Chief Information Security Officer at Intraprise Health, emphasized the need for a robust security framework like HITRUST to manage risks effectively and protect sensitive data. Jonathan Shoemaker, CEO of ABOUT Healthcare, stressed the importance of implementing best practices to monitor and mitigate security risks.
The downtime experienced by Change Healthcare underscored the critical need for secure and accessible healthcare information. Kim Perry, Chief Growth Officer at emtelligent, emphasized the value of safeguarding data, especially as the industry moves towards increased data liquidity to meet interoperability standards. Dr. Michael Poku, Chief Clinical Officer at Equality Health, highlighted the risks associated with centralized healthcare platforms and the importance of investing in advanced security technologies to protect systems.
Jett Reidy, Chief Product and Technology Officer at EnableComp, emphasized the necessity for cross-industry collaboration to enhance cybersecurity defenses and protect the healthcare ecosystem. Chris Carmichael, Senior VP of Business Development at R1, stressed the importance of implementing simple yet impactful measures like multi-factor authentication, employee training, and regular security testing to safeguard sensitive data and maintain trust in the digital age.
As we look back on the Change Healthcare breach, it is evident that the healthcare industry still has work to do in combatting cyber threats. By prioritizing proactive cybersecurity measures, fostering collaboration, and implementing robust security practices, healthcare organizations can enhance their defenses and ensure the integrity of patient data. The lessons learned from this cyberattack serve as a reminder of the ongoing need for vigilance and innovation in the face of evolving cyber threats in the healthcare sector.
Mike Miliard, Executive Editor of Healthcare IT News, can be reached at mike.miliard@himssmedia.com. Healthcare IT News is a HIMSS publication.
