Hospital Cyberattack: Delving Into the Cyberattack on Change Healthcare

Jarrod Koch

CEO and Partner of DivergeIT

May 15, 2024

In recent years, the healthcare sector has been increasingly targeted by cyber threats, with the latest victim being Change Healthcare, a crucial player in processing patient payments. The cyberattack on Change Healthcare highlights the healthcare system's vulnerabilities and underscores the far-reaching consequences of such incidents.

As the industry grapples with the aftermath of this hospital cyber attack, it raises critical questions about cybersecurity measures, patient care, and the resilience of the healthcare sector in the face of evolving cyber threats.

The fallout of the hospital cyber attack on Change Healthcare

Change Healthcare, a subsidiary of UnitedHealth Group, found itself at the center of a cyber crisis when it experienced a network interruption due to a cyberattack. The incident, suspected to be the work of a nation-state-associated threat actor, resulted in enterprise-wide connectivity issues and forced the company to disconnect its systems immediately to prevent further impact.

This disruption, which began on February 21, led to widespread service outages, affecting not only Change Healthcare but also its clients and partners across the healthcare ecosystem.

The ramifications of the hospital cyber attack were felt beyond the confines of Change Healthcare's operations. Pharmacies, reliant on Change Healthcare's systems for processing prescriptions and insurance claims, faced delays and disruptions in their services.

Patients found themselves unable to access essential medications due to the inability of pharmacies to process insurance claims, highlighting the direct impact of cyber incidents on patient care and well-being. The incident underscored digital infrastructure's critical role in facilitating healthcare services and the vulnerabilities inherent in interconnected systems.

Response and recovery efforts

In response to the cyberattack, Change Healthcare initiated efforts to restore its systems and resume normal operations. However, the company refrained from providing a definitive timeline for recovery, acknowledging the complexity and uncertainties associated with mitigating cyber threats.

UnitedHealth Group, the parent company of Change Healthcare, assured stakeholders that it was actively addressing the incident and working with law enforcement agencies and cybersecurity experts to investigate the breach and restore services.

Meanwhile, industry stakeholders, including the American Hospital Association (AHA), issued advisories urging healthcare organizations to disconnect from Change Healthcare's systems until the safety of reconnection could be independently verified. The incident prompted calls for enhanced cybersecurity measures and contingency planning within the healthcare sector to mitigate the impact of future cyber threats and ensure business continuity.


The hospital cyber attack on Change Healthcare sparked a series of controversies and speculations regarding the nature and perpetrators of the incident. Reports emerged linking the attack to ransomware groups, with allegations of ransom demands and negotiations between the threat actors and UnitedHealth Group.

The involvement of nation-state-associated threat actors raised concerns about cyber warfare's geopolitical dimensions and potential implications for national security and critical infrastructure protection.

Furthermore, the incident shed light on the challenges healthcare providers face in navigating the complex landscape of cybersecurity regulations and compliance requirements. Organizations struggled to meet timely reporting obligations under the Health Insurance Portability and Accountability Act (HIPAA), exacerbating the confusion and uncertainty surrounding the breach notification process.

Lessons learned and future preparedness

The hospital cyber attack on Change Healthcare serves as a wake-up call for the healthcare industry, highlighting the urgent need for robust cybersecurity measures and proactive risk management strategies. As cyber threats evolve in sophistication and scale, healthcare organizations must invest in cybersecurity infrastructure, employee training, and incident response capabilities to safeguard patient data and preserve the integrity of critical systems.

Collaboration between public and private stakeholders is paramount in addressing the systemic vulnerabilities exposed by cyberattacks. Government agencies, industry associations, and cybersecurity experts must work together to develop comprehensive frameworks for threat intelligence sharing, incident response coordination, and regulatory compliance.

In conclusion, the cyberattack on Change Healthcare underscores the interconnectedness of digital infrastructure in the healthcare system and the imperative of securing these systems against evolving cyber threats. By prioritizing cybersecurity resilience and adopting a proactive approach to risk management, the healthcare industry can enhance its ability to withstand and recover from cyber incidents while ensuring the continuity of patient care and critical services.

A call to action in the face of cyber threats

The hospital cyber attack on Change Healthcare is a stark reminder of the existential threat cyber adversaries pose to the healthcare sector. Once a beacon of transformation, Change Healthcare now stands as a testament to the vulnerabilities inherent in interconnected systems and electronic health records.

As the healthcare industry navigates the turbulent waters of digital transformation, cybersecurity must emerge as a top priority to safeguard patient care and preserve the integrity of sensitive health information. The time for complacency is long gone; proactive measures and collaborative efforts are imperative to fortify healthcare systems' resilience against the scourge of cyber threats.

In Benjamin Franklin's words, "An ounce of prevention is worth a pound of cure." This adage is more relevant than ever in cybersecurity, where proactive measures can mean the difference between safeguarding patient care and succumbing to the perils of cyber warfare. 

It’s incumbent upon all stakeholders to heed the lessons learned from the cyberattack on Change Healthcare and forge a path toward a future where patient care remains sacrosanct amidst the ever-present specter of cyber threats.

Empowering healthcare: Navigating the landscape of cybersecurity in hospitals

Contact DivergeIT today to safeguard your healthcare organization against the threats of hospital cyber attacks. Our expert team can help you navigate the complexities of cybersecurity, protecting sensitive data and critical systems.

Don't wait until it's too late—reach out to us at or call us at 310-765-7200 to learn how we can secure your Medicare operations and fortify your Change Healthcare systems.


What is a hospital cyber attack?

A hospital cyber attack refers to a malicious intrusion into the digital systems of a healthcare facility aimed at disrupting operations, stealing sensitive information, or causing other forms of harm. These attacks can take various forms, including ransomware attacks, data breaches, or attempts to compromise patient care systems.

How does cybersecurity protect against hospital cyber attacks?

Cybersecurity measures are essential for safeguarding hospital systems against cyber attacks. This includes implementing robust firewalls, encryption protocols, and intrusion detection systems. Regular security audits and employee training also play a crucial role in maintaining a strong cybersecurity posture.

What role does the Department of Health and Human Services play in combating hospital cyber attacks?

The Department of Health and Human Services (HHS) is actively involved in addressing cybersecurity threats to healthcare organizations. It provides guidance, resources, and support to help hospitals strengthen their cybersecurity defenses and respond effectively to cyber incidents.

How are health systems affected by hospital cyber attacks?

Health systems can experience significant disruptions during a hospital cyber attack. This may include delays in patient care, difficulties in accessing medical records, and challenges in processing billing and payments. Cyber attacks can also erode patient trust and damage the reputation of healthcare providers.

What is the significance of healthcare cyber in the context of hospital cyber attacks?

Healthcare cyber refers to the intersection of cybersecurity and the healthcare sector. Hospital cyber attacks highlight the vulnerabilities present in healthcare IT systems and underscore the importance of robust cybersecurity measures to protect patient data and ensure the continuity of care.

How does the Change Healthcare cyber attack impact the healthcare industry?

The Change Healthcare cyber attack, which occurred in 2024, had far-reaching implications for the healthcare industry. It disrupted billing processes, affected cash flow for healthcare providers, and raised concerns about the security of patient information. The incident underscored the urgent need for enhanced cybersecurity measures across the healthcare sector.

What actions can hospitals take to mitigate the risk of a cyber attack?

Hospitals can take several proactive steps to mitigate the risk of a cyber attack. This includes conducting regular risk assessments, implementing multi-factor authentication, and ensuring robust backup and recovery procedures. Collaborating with cybersecurity experts and staying informed about emerging threats is also crucial.

How can healthcare organizations respond to a ransomware attack like the Change Healthcare cyberattack?

In the event of a ransomware attack like the Change Healthcare cyberattack, healthcare organizations should follow established incident response protocols. This may involve isolating affected systems, notifying appropriate authorities such as the Cybersecurity and Infrastructure Security Agency (CISA), and engaging with cybersecurity experts to contain and remediate the attack.

Additionally, organizations may need to consider paying a ransom as a last resort to regain access to critical systems and data. However, this decision should be weighed carefully, taking into account legal and ethical considerations.
