Welcome to the First Column IT Tech Blog

HomeBlog
What Small Businesses Can Learn from the UnitedHealth Hack

What Small Businesses Can Learn from the UnitedHealth Hack

March 22, 2024

Cyberattacks often attack healthcare organizations, including businesses and vendors they associate with, primarily due to how lucrative they can be. One particularly nasty hack is just one of the many organizations which have been featured in headlines due to their inability to protect against security threats. Let’s explore this new situation with UnitedHealth Group and see if there is anything you can learn from it.

Change Healthcare Suffered a Hacking Attack

One of the major functions of medical organizations is that they need to communicate with insurance providers to obtain authorization and payment for various medical services. They might use intermediary businesses to handle this task, and as is the case with most healthcare-related companies, there are regulations in place to keep patient data safe throughout this process. Historically, there have been many challenges associated with this process.

Software has allowed these intermediaries to more effectively do their jobs, but digitizing any process inevitably puts it at risk of cyberattacks. The increasingly digitized world exemplifies this, as the greater level of cyberattacks in general has shown that even small businesses are at risk of potential breaches, let alone larger targets like hospitals and insurance providers.

Let’s Look at the Change Healthcare Incident

As one of the aforementioned intermediaries, Change Healthcare processes 15 billion transactions per year between UnitedHealth Group and its affiliates. Naturally, this makes it a massive target. The ransomware group BlackCat/ALPHAV, known for targeting the healthcare industry, allegedly targeted Change Healthcare. The organization immediately took their systems down once the threat was detected, and as of this writing, their systems still in operation have passed cybersecurity firm evaluations.

Despite these efforts, however, six terabytes of Change Healthcare source codes and data about healthcare, insurance providers, and pharmacies were stolen.

The group has declined to comment further on the matter, as well as whether or not they paid the ransom, but the ransomware group insists that they were paid $22 million, citing an unknown blockchain transaction as evidence of their accusation. Whether or not it’s the truth, UHN stock fell by $30 billion in cap market value, making the consequences of this incident even more significant.

Throughout this, many doctors, hospitals, and pharmacies suffered billing challenges, and UnitedHealth Group has made many attempts to quickly address the problem with Change Healthcare. Even the United States Department of Health and Human Services has issued a recommendation that they adopt measures like waiving prior authorizations and accepting paper bills to help address these operational issues. It’s gotten so bad that many providers have been advised to go with a different clearinghouse if they are dealing with limited cash flow.

This is Admittedly a Severe Example, but You Can Learn From Their Mistakes

Prioritize Redundancy and Continuity

This service outage impacted a lot of healthcare organizations, but not in the same ways. Large organizations that had the ability to make difficult decisions on the fly had an easier time adjusting, whereas smaller companies that relied on the services had a more difficult experience. With fewer options and resources at their disposal, it’s no wonder small companies have a harder time keeping up.

At the heart of your organization’s efforts should be redundancy and continuity. If something doesn’t work the way it’s supposed to, then you’ll want to have a backup plan ready to go at a moment’s notice. This is not a problem exclusive to large businesses, and a limited budget is not an excuse to forego these critical components.

Continuity Involves More Than Just Your Business

Ultimately, one of the most important things that your organization must maintain is interconnectivity and collaboration. If at any point there is an issue with this, your operations could be impacted—particularly for smaller businesses that don’t have as many failsafes. If you rely on an external provider, you should thoroughly vet them and their security measures to ensure they are up to the task of helping your business.

Don’t Forget Cybersecurity

Similarly, businesses must take cybersecurity seriously, as failing to do so could lead to expensive issues that are not easily solved—even with deep pockets. Your cybersecurity department or outsourced IT team should be able to detect and prevent security breaches through preventative measures and proactive monitoring.

This philosophy is at the heart of the services we at First Column IT offer. To learn more about what we can do to protect your organization, be sure to call us today at (571) 470-5594.

TAGS
HIPAA
TAGS
Data
Previous Post
May 30, 2024
How You Can Increase Your Customers’ Satisfaction Levels
Today's consumers are exceptionally knowledgeable, which makes you need to prioritize a proactive approach to creating exceptional customer experiences to build lasting relationships. Let’s explore strategies for enhancing customer satisfaction and retention.
May 23, 2024
6 Critical Considerations for Effective IT Inventory Management
Managing your organization's technology can pose unexpected challenges. Firstly, many businesses overlook their technology as long as it functions adequately. Secondly, technology turnover within an organization can be rapid. In this month's newsletter, we'll go into essential steps for gaining control over your technology inventory.
May 21, 2024
3 Benefits that Come with a Managed Service Agreement
Technology presents a significant challenge for businesses of all sizes, whether you're a quaint family-run shop or a swiftly expanding enterprise. The upkeep of technology—from hardware like computers and servers to software solutions and point-of-sale systems—is a perpetual task. This month, we aim to explore how managed IT solutions can optimize your resources by providing a straightforward, convenient, and cost-efficient alternative to hiring multiple in-house technicians.

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here