What Happens in the Downtime During a Data Breach
Introduction
Cyber-threats cause long-term costs and repairs to your reputation…but you might face immediate consequences while the breach is happening too.
When cybercriminals target critical infrastructure in our society, they are actually going after everybody with information stored in their database. Critical infrastructure encompasses those vital services we need for a modern, globally-connected lifestyle like communications, travel and healthcare.
Let’s take a look at a real-life example of a recent cyberattack that affected a major organization. How did the ensuing chaos affect the day-to-day worklife for individuals who work there, and what happens when clients and customers are affected too? What long-term effects can we see?
Attack on Change Healthcare
In February 2024, a ransomware attack went after a medical technology company that connects patients, providers and payers within the United States.
Change Healthcare platforms and services affect about 1 in 3 patients in the U.S. and they employ 15K employees. Therefore, the ransomware incident had a strong ripple effect through the healthcare community.
Change Healthcare processes a significant volume of billing and insurance transactions, meaning that when their systems went down, it caused widespread disruptions in billing systems and insurance claims processing across hospitals, pharmacies, and medical practices. This meant that healthcare providers could not efficiently manage patient billing or process insurance claims, which is critical for both revenue and patient care!
It wasn’t just the workers who couldn’t get their jobs done. With systems down, healthcare providers faced delays in accessing patient records and processing prescriptions. If your local doctor’s office or hospital used Change Healthcare systems or its platform, then you may have found yourself mired in postponed treatments and inability to fill your prescriptions.
What affect would that have on your most recent medical treatment? Probably nothing good!
What Downtime Does for Critical Infrastructure
This one particular attack used ransomware to target this particular third-party vendor, but incidents like this are just one microcosmic epitome of the larger cyber-threat landscape.
Think about how busy your average day of work is. When you’re already under pressure, the last straw you need is the chaos of a system outage. You might have to revert to manual processes, which are typically much slower and more prone to mistakes.
Think about the finances that go into recovering from a breach too. The implications for Change Healthcare and its partners, for example, were significant. The company reported over $1.5 billion in direct costs related to the breach, including ransom payments and recovery efforts. This financial strain can trickle down to employees, potentially affecting job security and resources available for patient care.
Remember, never pay the ransom! In fact, less than half of organizations affected by ransomware actually get their files back after paying the fee. Most likely, the threat actor will take both the data and the money. If they do give you back the data, threat actors still typically threaten to publish the private information they found unless you pay a second fee; this is known as double extortion.
Conclusion
The attack on Change Healthcare in February 2024 highlights a troubling trend where cybercriminals target critical infrastructure, knowing that the consequences of downtime can be severe. This not only affects the organizations, but also the people who rely on timely and effective healthcare, transportation, utilities, financial, and agricultural services!