The large-scale cyberattack on Change Healthcare in February 2024 is a stark reminder that digital healthcare infrastructure is both vital to people’s daily lives and vulnerable to attack. The incident broke down the company’s medical claims network, preventing clinics from reimbursing patients and patients from accessing vital services. The total cost of the attack is still unknown, as emergency loan programmes and deferred payments are still being tabulated, but it is suspected that $22 million was paid to the perpetrators while $14 billion in payments could not be processed for up to 30 days.
The severity of cyberattacks varies, but the most alarming type of breach is a ransomware attack, which can prevent access to patient records or medical devices. Research by Cybersecurity Ventures estimated that global ransomware damage costs totalled $20 billion in 2021 and that this figure will increase over time. Such attacks are largely opportunistic, and their impact falls off drastically once best practices are adopted. But organisations that do not have access to backups or the ability to reset compromised systems efficiently find themselves faced with few good options to resolve the situation, leading to the temptation to compensate their attackers to stop the attack.
Investment in data protection measures and personnel can bring visibility to these risks and prevent damage. Healthcare providers in particular should be familiar with the difference in outcome for preventative rather than reactive measures. There are harsh penalties in place for most jurisdictions on healthcare violations, which serves to stress the importance of a patient’s right to privacy.