Inside the Change Healthcare Cyberattack: A Security Analysis

Recently, the healthcare sector faced a significant cybersecurity challenge when Change Healthcare, a prominent healthcare payment and management solutions provider, became the target of a sophisticated cyberattack by ransomware group BlackCat. This blog post offers an in-depth analysis of the incident, exploring the specifics of the breach, identifying the perpetrators, and assessing its profound impact on healthcare operations and security protocols. We delve into the complexities of this pivotal event, uncovering the vulnerabilities it exposed and the essential lessons it imparts to the broader healthcare industry.

Background on Change Healthcare

Change Healthcare is an integral player in the healthcare technology landscape, known for its comprehensive suite of payment and revenue cycle management solutions. It acts as a crucial intermediary, facilitating transactions between healthcare providers and insurance companies. Processing billions of transactions annually, its services are vital for the smooth operation of healthcare practices across the United States. Owned by UnitedHealth Group, Change Healthcare’s influence on the healthcare industry’s operational efficiency cannot be overstated.

The Cyberattack Detail

On February 21, Change Healthcare reported a significant breach in its information technology network. The attack was promptly identified, leading to immediate measures to isolate and disconnect the impacted systems. This swift action was critical in containing the breach, yet the fallout was immediate and widespread, disrupting essential services across the U.S. healthcare system.

The attackers, identified as the ransomware group BlackCat (also known as Noberus and ALPHV), are known for their aggressive tactics, including data theft and extortion. By claiming responsibility for the attack, BlackCat added to the growing list of ransomware incidents targeting the healthcare sector, raising alarms about the sector’s vulnerability to cyber threats.

Aftermath and Impact

The cyberattack on Change Healthcare brought immediate, tangible disruptions to healthcare operations, particularly affecting payment processing and revenue cycle management. Smaller healthcare practices were among the hardest hit, facing acute financial pressures as their ability to process reimbursements from insurers was severely compromised. Dr. Purvi Parikh, an allergist and immunologist with a private practice in New York City, succinctly captured the essence of the turmoil: “We haven’t been able to receive reimbursements from insurers for patient visits, which makes it difficult for the practice to pay for operational expenses like payroll and medical supplies.”

This incident has sparked a significant conversation within the healthcare community regarding the robustness of healthcare IT infrastructure against cyber threats. Dr. Jesse Ehrenfeld, president of the American Medical Association, voiced the concerns of many by highlighting the grave implications of such disruptions. He stated, “Any aberration in the system where, ‘Oh, you don’t get checks for two weeks,’ obviously is a situation that does put practices at risk.” Beyond the financial and operational disturbances, the attack also raised alarms over the exposure of sensitive patient data, spotlighting the urgent need for fortified cybersecurity measures within the healthcare sector.

Security Implications and Responses

The Change Healthcare cyberattack is a clarion call for heightened cybersecurity measures within the healthcare industry. It demonstrates the sophistication of cyber threats facing the sector and the need for robust security protocols. In response to the attack, Change Healthcare has engaged with law enforcement and cybersecurity experts from Mandiant and Palo Alto Networks, showcasing the necessity of collaborative efforts to assess and mitigate cybersecurity incidents.

As the healthcare industry navigates the aftermath of this attack, the focus on cybersecurity readiness, threat intelligence, and incident response capabilities has never been more critical. This event serves as a stark reminder of the cybersecurity challenges facing healthcare technology and the imperative to fortify defenses against an ever-evolving threat landscape.


The cyberattack on Change Healthcare is a watershed moment for cybersecurity in the healthcare sector. It underscores the vulnerabilities in critical healthcare infrastructure and the complex challenges of safeguarding sensitive data and operational continuity against sophisticated cyber threats. As investigations continue and recovery efforts are underway, the healthcare industry’s commitment to enhancing cybersecurity measures will undoubtedly be a pivotal theme in the ongoing dialogue about the future of healthcare technology and security.

How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 
