
Criticism mounts from cyber specialists over prolonged recovery period of Change Healthcare's hack incident

UnitedHealth Group's medical claims clearinghouse suffered a breach over four weeks ago, leaving approximately 100 services still offline. This event, according to experts, has led to unparalleled repercussions.

Cyber professionals criticize the prolonged recovery of Change Healthcare's post-cyber attack state

In the rapidly evolving digital landscape, the importance of robust cybersecurity measures has never been more evident. Recent high-profile cyberattacks, such as the ongoing ransomware attack on Change Healthcare, have underscored the need for a comprehensive disaster recovery and incident response strategy.

Chester Wisniewski, global field CTO at Sophos, emphasized that IT systems in large environments are customized, and the level of reliance upon them varies. To ensure a worst-case recovery time of less than four weeks after a cyberattack impacting critical infrastructure services, companies should implement a strategy focused on resilience, preparation, and testing.

Key best practices include adopting cloud-first infrastructure with immutable backups, maintaining multiple offline and geographically distributed backups, developing detailed incident response and recovery plans, implementing phishing-resistant multifactor authentication, performing regular cyber risk assessments and vulnerability scans, segmenting and securing networks, training staff on security awareness, and leveraging automation and AI-based threat detection tools.

Chris Henderson, senior director of threat operations at Huntress, described the sustained damages from ransomware attacks as unprecedented. The ransomware attack on Change Healthcare, a company that handles 1 in 3 patient records, is causing nationwide disruption. Recovering from such attacks can be a complicated endeavour, especially when malware or footholds need to be eradicated from many interconnected systems.

Despite some services resuming operations, Change Healthcare's medical claims network remains offline. Criticism from cybersecurity experts suggests deficiencies in Change's backup procedures and preparedness to respond to cyberattacks. The length of Change's response and recovery, 29 days since the intrusion was detected, is concerning.

Similar incidents, such as the attacks on UnitedHealth Group's medical claims and payment processing platform and the City of Dallas and Prospect Medical Holdings last year, have taken over a month to fully resume operations. Recovering from ransomware attacks might require completely rebuilding infrastructure from the ground up.

Katell Thielemann, distinguished VP analyst at Gartner, stated that response and recovery should be immediately elevated as a core focus area. More than 110 services on Change Healthcare's IT infrastructure are still offline, while about 20 have resumed operations. UnitedHealth Group, which acquired Change for $13 billion in late 2022, is working aggressively to restore systems and services, enacting manual processes where necessary.

The impacts of the Change incident are beyond comparison with other recent cyberattacks like the MOVEit mass exploit, the SolarWinds Orion software attack, and the Kaseya attack. Brett Callow, threat analyst at Emsisoft, stated that a critical service like Change's should have a recovery time of less than four weeks.

In conclusion, the ongoing disruptions caused by the Change Healthcare cyberattack serve as a stark reminder of the importance of robust cybersecurity measures. By focusing on resilience, preparation, and testing, companies can significantly reduce their recovery time in the event of a cyberattack, ensuring minimal disruption to critical infrastructure services.

  1. The Change Healthcare ransomware attack, which has impacted 1 in 3 patient records, highlights the necessity of a comprehensive disaster recovery and incident response strategy in the digital landscape.
  2. Chester Wisniewski suggests that companies should aim for a recovery time of less than four weeks after a cyberattack by implementing resilience, preparation, and testing strategies, involving measures such as adopting cloud-first infrastructure, maintaining multiple backups, and leveraging automation and AI-based threat detection tools.
  3. Despite some services resuming, Change Healthcare's medical claims network remains offline, raising criticism from cybersecurity experts who point to potential deficiencies in its backup procedures and readiness to respond to cyberattacks.
  4. The length of Change's response and recovery, 29 days since the intrusion was detected, is concerning, considering similar incidents, like the attacks on UnitedHealth Group and the City of Dallas, have taken over a month to fully resume operations.
  5. Katell Thielemann emphasizes that response and recovery should be a priority, with the impacts of the Change incident surpassing other recent cyberattacks like MOVEit, SolarWinds, and Kaseya.
  6. Brett Callow suggests that critical services like Change's should have a recovery time of less than four weeks, underscoring the importance of robust cybersecurity measures for business continuity and effective incident response.
