Will the Change Healthcare case finally make providers do a business impact analysis?
SC Magazine
|
Contributed by: Drex DeFord
Summary
Just over a month after Change Healthcare was hit by a cyberattack that disrupted operations and compromised patient data, United Health Group confirmed the breach, with potential costs reaching $1.6 billion. Despite this, UnitedHealth anticipates meeting its 2024 earnings forecast. The attack has had a profound impact on small providers, who have faced financial struggles similar to those during the Covid-19 pandemic, with reports of significant decreases in revenue. The situation highlights a broader issue within the healthcare sector's preparedness for cyberattacks, underscoring the lack of adequate business impact analyses (BIAs) and incident response plans. This oversight has been exacerbated by a reliance on cyber insurance, which is becoming less viable as insurers increase premiums or deny coverage due to the absence of preparatory measures. The article argues for the necessity of effective BIAs and a proactive approach to cybersecurity, recommending a post-mortem analysis of this incident to improve future security and operational resilience.