The 2024 Change Healthcare cyberattack has become the largest healthcare data breach in history. It exposed the data of an estimated 190 million people and caused widespread disruptions across the U.S. healthcare system.

The projected cost of the attack for UnitedHealth Group (UHG) in 2024 was approximately $2.87 billion, including $1.7 billion in direct response costs. However, the final impact could be much higher due to punitive regulatory fines and reputational damage.

The Change Healthcare breach overshadowed the infamous 2015 attack on health insurance company Elevance Health, previously the largest healthcare data breach ever recorded. In that attack, Chinese hackers stole 78.8 million medical records.

While any cyber attack against critical national infrastructure like healthcare is huge, what made the Change Healthcare cyber attack unique is that it didn’t just compromise patient data–it shut down much of the availability of healthcare services nationwide.

How the Change Healthcare Cyberattack Disrupted U.S. Healthcare

Unlike most healthcare cybersecurity breaches, which primarily involve data theft, this attack crippled the availability of essential services:

  • Pharmacies were unable to process prescriptions.
  • Hospitals and clinics could not verify insurance claims.
  • Patients were unable to receive approval for medical treatments and procedures.

For millions of Americans, the impact of the Change Healthcare cyberattack was not just financial–it may have been life-threatening. Yet U.S. healthcare regulations, which date from 1996, are still myopically focused on the protection of confidentiality–something that is already lost to the vast majority of Americans thanks to countless overlapping cyber attacks.

According to industry experts, disruptions from the Change Healthcare attack could lead to long-term consequences, including:

  • Rural hospitals and small clinics closing due to revenue loss.
  • Increased patient mortality due to delayed medical procedures and prescriptions.
  • A weakened healthcare system, with patients losing trust in third-party vendors like Optum Health, which owns Change Healthcare under UHG.

This breach serves as a stark reminder–placing critical healthcare operations in the hands of a single third-party vendor creates a dangerous single point of failure.

Third-Party Vendor Risks: A Healthcare Cybersecurity Crisis

At the Colorado HIMSS CxO Advocacy Breakfast Summit, where over 200 local Colorado healthcare leaders gathered with Hal Wolf, President and CEO of HIMSS, the security of third-party vendors was a major discussion point.

Howard Haile, CTO at Intermountain Health, raised a critical concern:

“Very few providers are able to pivot quickly to other clearing houses and service providers. Placing all of one’s eggs in a single basket certainly raises risks.”

Relying on a single provider like Optum Health, which owns Change Healthcare under UHG, is indeed a massive risk, especially when a single breach can disrupt critical healthcare services nationwide.

When a dominant provider suffers a breach, hospitals, pharmacies, and insurance networks reliant on that single vendor face operational standstills, financial losses, and patient care disruptions–with no immediate contingency plan.

This is not an isolated incident. A staggering 55% of healthcare organizations have experienced a data breach through a third party, underscoring the critical need for robust vendor risk management. Despite this alarming trend, many hospitals and healthcare systems fail to implement continuous security monitoring, vendor risk assessments, or contingency plans for critical service providers.

Rick Bohm, CISO at Point Solutions Group, further emphasized the lack of vendor risk assessment:

“We are not testing third-party systems to find vulnerabilities until it’s too late. I can guarantee that I can find similar vulnerabilities in the vast majority of vendor systems that healthcare relies upon every day.”

Without rigorous third-party security assessments, healthcare organizations remain vulnerable to ransomware attacks, supply chain disruptions, and regulatory penalties–often discovering these risks only after an attack has occurred. This lack of proactive security measures leaves the entire industry vulnerable to future ransomware attacks, supply chain breaches, and critical service failures.

The Growing Risk of IoT in Healthcare Cybersecurity

One of the most overlooked risks in healthcare cybersecurity is the rapid expansion of connected medical devices (healthcare IoT) in hospital networks. Recent figures show that the healthcare IoT market is projected to grow at an annual rate of 11.47%, leading to a market volume of US$167.70 billion by 2028. While these connected devices improve patient care and operational efficiency, their security vulnerabilities remain a critical threat.

Today, 75% of medical devices in hospitals are unmanaged by IT teams. This means they often go unmonitored, lack security updates, and can be exploited as entry points for cyberattacks. The Change Healthcare attack demonstrated how sophisticated attackers can leverage lateral movement, breaching one system before escalating access across an entire network.

Richard Staynings, Cylera's Chief Security Strategist, speaking at the 2025 Colorado HIMSS event.

Adding to the challenge, many hospital devices still run outdated software, including Windows Embedded and legacy operating systems dating back to Windows 95. These systems lack modern security features, making them easy targets for ransomware, remote access exploits, and unauthorized lateral movement.

As Chief Security Strategist at Cylera, speaking at the Colorado HIMSS CxO Advocacy Breakfast Summit, I also warned about the serious vulnerabilities within outdated medical technology:

“No one in this room would conduct their Internet banking on a Windows 95 machine today. Yet, we keep patients alive using similar era technology.”

Without proper healthcare IoT asset inventory and visibility, network segmentation, and continuous monitoring, hospitals remain vulnerable to cyberattacks that could disable life-saving equipment, jeopardizing patient safety, operational continuity, and financial stability.

The Role of AI in Healthcare Cybersecurity

The solution to healthcare cybersecurity challenges isn’t just hiring more staff: hospitals simply don’t have the budget, personnel, or resources to manually manage a growing attack surface. Instead, AI-driven threat detection and network segmentation are crucial strategies for risk mitigation.

AI-driven cybersecurity solutions enable real-time monitoring of IoT devices, allowing security teams to detect active threats and IoT device vulnerabilities and risks before they can be exploited. This proactive approach significantly reduces response times, even for zero-day attacks that occur without prior warning.

By continuously assessing vulnerabilities in medical devices, third-party software, and firmware updates, healthcare organizations can identify their exposure early and apply verified security patches before cybercriminals exploit them.

As adversarial nations like Russia and China observe the Change Healthcare cyberattack, the healthcare sector must brace for the next generation of AI-driven cyber threats–including adversarial machine learning and data poisoning that could manipulate AI models used for cybersecurity defense.

How Cylera Helps Strengthen Healthcare Cybersecurity

Protecting healthcare IoT and connected medical devices requires a specialized, intelligent security platform–one that prevents unauthorized access, monitors for vulnerabilities in real time, and provides full visibility into the connected device landscape.

The Cylera platform is designed from the ground up for healthcare IoT devices. With comprehensive asset discovery and inventory, passive monitoring, and real-time vulnerability, risk, and threat detection, Cylera takes advantage of the latest in machine learning and AI to correlate a wide variety of cybersecurity data and deliver targeted insights designed to help your IT security team focus on actual threats in real time.

Cylera also integrates easily with existing asset management and security systems, including Network Access Control (NAC) solutions, firewalls, and SIEM platforms, enhancing incident response and risk management across an entire healthcare network.

By leveraging AI and machine learning, Cylera empowers healthcare IT security teams to stay ahead of evolving threats, minimize risk, and build a resilient cybersecurity framework for the future.

What’s Next for Healthcare Security?

The Change Healthcare cyberattack exposed critical vulnerabilities across the healthcare industry, from third-party vendor risks to unsecured medical devices. With cyber threats evolving at an unprecedented pace, healthcare organizations must act now to fortify their cybersecurity posture before the next major breach disrupts patient care.

Key Takeaways:

  • Healthcare must strengthen third-party risk assessments to prevent another large-scale vendor compromise.
  • IoT and medical device security must be prioritized to eliminate hidden vulnerabilities.
  • AI-driven threat detection and network segmentation are critical for future-proofing hospital security.

As the threat landscape continues to grow, healthcare leaders must shift from reactive cybersecurity to proactive defense strategies. The time to act is now—before the next breach puts patient safety, hospital operations, and financial stability at risk once again.
