SPOT Cybersecurity Tip: UnitedHealth Cyber Attack Teaches Business Lessons

Check out more SPOT Cybersecurity Tips!
Click to read more SPOT Cybersecurity Tips!

A cyber attack on a business unit of UnitedHealthcare, the nation’s largest insurer, has disrupted drug prescription orders at thousands of pharmacies for about a week.

The assault on the unit, Change Healthcare, was discovered mid February. The attack appeared to be by a foreign country, according to two senior federal law enforcement officials, who expressed alarm at the extent of the disruption.

UnitedHealth Group said in an SEC filing that it had been forced to disconnect some of Change Healthcare’s vast digital network from its clients and hasn’t been able to restore all of those services. The company has not provided any timetable for when it may be able to reconnect.

The American Hospital Association is accusing UnitedHealthcare of failing to adequately address the issues healthcare providers face getting reimbursed for services as a result of the attack.

Here are 5 lessons for Business Owners from this latest cyber attack.

  1. Cyber Threats are more numerous and sophisticated than ever. It’s a stark reminder that every business, large or small, is a target for cybercriminals, and the business impact can be significant.
  2. Ransomware Attacks are extremely disruptive. Cybercriminals have been become more patient and use double or triple extortion by combining tactics such as stealing your data with encrypting your data to ensure that you pay your ransom.
  3. Supply Chain Attacks are painful up and down the supply chain. UnitedHealthcare’s customers have severely impacted for a significant amount of time. How can you protect your supply chain?
  4. Incident Response Plans are still important. Being able to respond promptly in the event of a cyber attack is critical. Knowing what kind of cyber insurance and incident response resources are available to you can help.
  5. Regulation is needed to enforce stricter cybersecurity controls – Businesses have proven over and over they will only invest in cybersecurity in 2 situations – 1) The government (or a 3rd party such as a client or vendor) forces them to do so, or 2) They’ve been hit by a cyber attack.

Want to be the outlier and do something about your cybersecurity BEFORE the government forces you to do so? Reach out for a complimentary Cybersecurity Discovery Call.