The February 2024 cyberattack on Change Healthcare disrupted claims processing, pharmacy operations, and revenue cycles for hospitals and practices across the country for weeks. The attack exposed the systemic risk of concentrated third-party technology dependencies in healthcare and triggered the largest healthcare data breach in U.S. history, affecting 100M+ patient records.
For businesses that depend on third-party technology platforms, this incident is a case study in why cyber insurance needs to cover not just your own systems but the downstream impact when a critical vendor goes down. For healthcare operations with SBA loans, hazard insurance requirements add another coverage layer.
Key Takeaways
- What happened: Ransomware attack on UnitedHealth’s Change Healthcare unit disrupted claims for 6+ weeks
- Scale: 100M+ patient records affected, largest healthcare breach in U.S. history
- Business interruption: Providers lost revenue for weeks while unable to submit claims
- Lesson: Cyber insurance must cover dependent business interruption from a vendor’s breach
- Third-party risk: Concentration in a single vendor created systemic exposure across the industry
Disclaimer: This article is for informational purposes only. Consult our licensed advisors for guidance specific to your business.
Commercial Insurance Review
Hotaling Insurance Services structures insurance programs for mid-market and enterprise businesses across Houston, Miami, and NYC.
Schedule Consultation