The recent cyber incident involving Change Healthcare has sent ripples through the healthcare sector and the broader cyber insurance landscape. This attack not only disrupted vital healthcare operations but also highlighted the growing vulnerabilities in digital infrastructure and the importance of comprehensive cybersecurity defenses. As hospitals, pharmacies, and clinics grapple with the fallout, industry stakeholders are reassessing their risk management strategies and insurance coverages to better prepare for future threats.
In the aftermath of this breach, many healthcare organizations have faced delays in processing claims, verifying patient coverage, and reimbursing services. While UnitedHealth, which owns Change Healthcare, has managed to restore some electronic pharmacy services, the core claims processing network remains offline, causing significant operational challenges. The attack, attributed to the notorious ALPHV/BlackCat ransomware group, involved the theft of sensitive data—including Social Security numbers and healthcare records—and encrypted vital files, demanding ransom payments in exchange for decryption keys. Evidence suggests the hackers exfiltrated over four terabytes of data, and the incident underscores the increasing sophistication of cybercriminal tactics in targeting healthcare infrastructure.
The significance of this event extends far beyond immediate service disruptions. Change Healthcare processes around 15 billion transactions annually, amounting to approximately $1.5 trillion in healthcare claims. Many pharmacies and healthcare providers rely heavily on its services for electronic claims submission and reconciliation. The attack has forced more than 90% of U.S. pharmacies to modify their claims processing procedures, resulting in cash flow interruptions and operational standstills. The American Hospital Association has called it “the most significant cyberattack on the U.S. healthcare system in history,” with experts estimating daily losses reaching $100 million.
In response, Coalition is actively supporting affected policyholders by providing guidance on managing their claims and navigating the complexities of business interruption coverage. Many clients are concerned about delays in restoring services and the financial impact of downtime. To assist, Coalition has coordinated with UnitedHealth’s Optum to offer short-term cash flow relief through a Temporary Funding Assistance Program, helping businesses maintain liquidity during this crisis. Additionally, policyholders are being advised on documenting losses and submitting claims, with resources allocated to review these submissions promptly. Our team is also working to identify alternative vendors to replace compromised services, ensuring continuity in healthcare operations.
Contingent business interruption (CBI) coverage plays a crucial role in such scenarios. While traditional business interruption insurance covers losses directly caused by cyber events, CBI extends protection to losses resulting from third-party vendor outages. As seen with the Change Healthcare breach, many organizations suffered operational disruptions because their reliance on external providers was compromised. This coverage has become increasingly vital as more companies depend on third-party infrastructure, which can be vulnerable to cyber threats. Brokers should emphasize the importance of CBI to clients, especially those with significant dependence on external vendors, to mitigate potential long-term impacts.
Data privacy concerns and reputational damage are also imminent risks once systems are restored. Customers may lose trust if they believe their personal health information was compromised, leading to potential legal obligations for breach notification. While it remains uncertain whether formal disclosures are required, policyholders must consider the impact of data exposure and the associated reputational harm. Coordinating with breach counsel and exploring avenues for liability recovery are essential steps in managing these risks effectively.
When discussing cyber risks with clients, brokers should focus on three key points: the importance of contingency plans for third-party outages, the need to prioritize critical technological infrastructure, and the long-term implications of cyber incidents. Encouraging clients to evaluate their vendor dependencies and enhance their resilience can prevent operational paralysis during future attacks. Moreover, it is vital to remind clients that recovery from cyber incidents can span months or years, emphasizing the importance of comprehensive planning and insurance coverage. For more insights on how emerging technologies support healthcare resilience, visit industry support how is ai helping in the healthcare industry.
This incident underscores the persistent cyber threats that target critical health infrastructure and the necessity for robust security measures coupled with comprehensive insurance strategies. As the healthcare sector becomes increasingly digitized, understanding the nuances of coverage like immersive therapy as a new frontier for mental health and the evolving landscape of cyber risks is essential for brokers and healthcare providers alike. Staying informed and prepared can help mitigate the devastating consequences of future attacks.
This article originally appeared in the March 2024 edition of the Cyber Savvy Broker Newsletter. Subscribe to stay informed on the latest developments in cyber insurance and risk management.
This communication is not an insurance proposal. It provides general information and does not constitute legal or professional advice. For tailored guidance, consult a qualified professional. The views expressed do not necessarily reflect those of Coalition. Neither Coalition nor its employees guarantee the accuracy or completeness of this information, and any reliance is at your own risk. Exclusions and limitations apply; see full policy disclosures. Insurance products are offered in the U.S. by Coalition Insurance Solutions Inc. (Cal. license # 0L76155) and Coalition Insurance Company (NAIC # 29530).