Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
.
TITLE: Change Healthcare Cyberattack, You, and Your Clients -- Part 2
This update from Therapy Notes is actually of interest to everyone:
https://blog.therapynotes.com/change-healthcare-incident-update
Note how completely useless the United/Optum "update" site is:
https://status.changehealthcare.com/incidents/hqpjz25fn3n7
All they do as of 2/28 evening is keep repeating the same useless generic statement over and over for days that says nothing.
-- Michael
On 2/28/2024 12:00 AM, Michael Reeder -- Hygeia MS wrote:
So, from news reports:
The American Hospital Association (AHA) is warning that many hospitals can not check insurance coverage for procedures, or get paid, and wrote the government with concerns of cash flow problems. They worry about abilities to pay staff. I can confirm that Johns Hopkins Hospital is scrambling on this issue right now, but not how badly they are impacted. As to how likely it is for hospitals to have trouble paying staff -- I really don't know -- sounds extreme to me.
The BlackCat hacker organization (Russian state-sponsored hacker group) has claimed responsibility. United Health/Optum have not confirmed that it is BlackCat, but in their filing to the government did say that the attacker was a nation state level operator. (This implies both a high degree of sophistication and that the attack may be serious.)
The United/Optum filing also mentioned that this was a ransomware attack -- possibly meaning that Change Healthcare data is encrypted and locked-up. (GBMC in Baltimore, MD took 8+ months to fully recover from a ransomware attack.)
LMG Security reports that this was an early attack in a likely wave of attacks against systems using the ConnectWise ScrrenConnect software package. They suggest that businesses not only check whether or not they are using it, but also ask their vendors if its in use and if patches have been deployed. Practically speaking, I don't think any small psychotherapy practices would use this, but our "subcontractors" (giant data companies) might -- and in theory once they are hacked, hackers could gain sensitive data about us or our clients. ("Cybercriminals around the world are racing to exploit a new critical vulnerability that affects the popular ConnectWise ScreenConnect Remote Monitoring and Management (RMM) software, used by thousands of organizations and MSPs to remotely manage their technology environments.")
https://www.lmgsecurity.com/wp-content/uploads/dlm_uploads/2024/02/LMG-ConnectWise_Alert_2024.pdf
https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/unh-20240221.htm
#psychology #socialwork #counseling #mentalhealth #EHR #EFT #changehealthcare #unitedhealth #optum #infosec #hack #blackcat #Russia #emdeon
.
.
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
.
Since 1991 The National Psychologist has focused on keeping practicing psychologists current with news, information and items of interest. Check them out for more free articles, resources, and subscription information: https://www.nationalpsychologist.com
.
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE:
http://subscribe-article-digests.clinicians-exchange.org
.
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
It's primitive... but it works... mostly...
