Cyber Attack on United Healthcare Division Was Unprecedented in Scope

If you've tried to fill a prescription or get preauthorization for a drug or procedure or -- if you're a health care provider -- tried to submit a bill electronically, you have experienced the widespread crippling of our healthcare infrastructure that resulted from an unprecedented cyberhack. 

As reported by KFF Health News (March 8), 

The American Hospital Association calls the suspected ransomware attack on Change Healthcare, a unit of insurance giant UnitedHealth Group’s Optum division, “the most significant and consequential incident of its kind against the U.S. health care system in history.” While doctors’ practices, hospital systems, and pharmacies struggle to find workarounds, the attack is exposing the health system’s broad vulnerability to hackers, as well as shortcomings in the Biden administration’s response.

Despite the centrality of digital record-keeping, billing, and payment systems, there turns out to be no meaningful governmental involvement in this arena.

To date, government has relied on more voluntary standards to protect the health care system’s networks, Beau Woods, a co-founder of the cyber advocacy group I Am The Cavalry, said. But “the purely optional, do-this-out-of-the-goodness-of-your-heart model clearly is not working,” he said. The federal government needs to devote greater funding, and more focus, to the problem, he said. [emphasis added]

Restoration of full operability after a cyber attack typically takes 30 days, according to Mr. Woods, which means we can all expect slower response times to virtually all requests for health-related services at least through March and probably into April. Meaningful federal action will take much, much longer.