Period pain and back pain are no match for medtech

At this point, you’ve probably heard about American healthcare’s latest headache: The UnitedHealth ransomware attack that brought Change Healthcare’s systems to its knees for over a week.

To us onlookers, the attack has exposed the delicate balance of healthcare claims data flow in the U.S. 

Change Healthcare processes 15 billion healthcare transactions annually, impacting one in three patient records in the U.S.. To make ends meet, many impacted health facilities are having to make impossible choices.

Do they stop treating patients or stop paying staff?

One provider interviewed by Reuters even said she was considering withdrawing her own retirement savings to cover payroll. 

I commend the leaders making personal sacrifices to shield their providers and patients from the worst of the fallout. But they shouldn’t have to.

In this story, we see an extreme consequence of America’s health payments system, where a few corporations hold everyone’s data in their hands.

While many private insurance companies are involved in exciting medical innovation—especially when it comes to digital solutions and AI—this healthcare hack exposes some of the weak points of an increasingly private health insurance system.

Especially when individual companies, like UnitedHealth, have so much responsibility over healthcare data and payments functionality, their corporate security practices concern the whole nation. Without strong federal mandates for data-sharing with health information exchanges (HIEs) and disclosures on cybersecurity protections, it’s only a matter of time before more historic breaches compromise patient care and provider subsistence.

In my view, a crisis like this must force cooperation.

Health IT experts are amplifying calls for bolstering federal cybersecurity policy and creating a federally-mandated ecosystem for responding to such events.

There is also renewed concern about the rising tide of healthcare M&A and how corporate consolidation (like UnitedHealth’s 2022 acquisition of Change, growing its status as the biggest healthcare company in the U.S.) further increases data security vulnerabilities. In fact, when the deal was announced in January 2021, it was controversial because of worries about data consolidation.