A Tale of Two Outages: Change Healthcare and CrowdStrike

Critical cogs in healthcare and cybersecurity sent shockwaves

The year 2024 saw two major cybersecurity incidents that sent shockwaves through the business world and exposed critical vulnerabilities in our digital infrastructure.

The first, a ransomware attack targeting Change Healthcare, a crucial player in the U.S. healthcare system, had a devastating ripple effect on hospitals, patients, and financial systems.

The second, a software update failure by cybersecurity firm CrowdStrike, resulted in widespread system crashes, affecting airlines, hospitals, and various other sectors.

This article discusses the financial and technological impacts of these two events, the strategies employed to mitigate the damage, and the lessons learned for enhancing cybersecurity preparedness.

Change Healthcare: A Healthcare System Brought to Its Knees

In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group ($UHG) responsible for processing nearly half of all U.S. medical claims, fell victim to a devastating ransomware attack by a hacker group. The attack crippled the company's nationwide systems, causing widespread disruption across the healthcare sector.

Financial Impact:

  • Total cyberattack impact estimated at $2.3 billion to $2.45 billion for UHG in 2024.

  • Direct response costs estimated at $1.3 billion to $1.35 billion.

  • Business disruption impacts projected to be $600 million to $700 million.

  • Estimated $6.3 billion in delayed payments to hospitals through March 9.

Technological Impact:

  • Disabled Change Healthcare's nationwide healthcare billing and information systems.

  • Forced providers to implement costly and labor-intensive workarounds.

  • Increased the risk of fraud and abuse due to a massive backlog of claims.

Strategies:

  • UHG paid a $22 million ransom to restore access to its systems.

  • Accelerated provider funding, providing over $9 billion in advance funding and interest-free loans.

  • Implemented a hiatus on prior authorization and other care management activities to ease the burden on providers.

CrowdStrike: When the Protector Becomes the Problem

In a twist of irony, leading cybersecurity firm CrowdStrike ($CRWD) found itself at the center of a global IT crisis in July 2024. A faulty software update for its Falcon Sensor product caused widespread system crashes on millions of Windows devices worldwide.

Financial Impact:

  • Estimated direct financial losses for Fortune 500 companies (excluding Microsoft) reached $5.4 billion.

  • Delta Air Lines reported losses of $500 million, with plans to sue CrowdStrike.

  • Insured losses are expected to be between $540 million and $1.08 billion.

Technological Impact:

  • Triggered widespread system failures and "blue screen of death" errors on Windows devices.

  • Exposed vulnerabilities in software update processes and highlighted the need for robust testing procedures.

  • Emphasized the dangers of centralized command chains in cybersecurity systems, which leave them susceptible to single points of failure.

Operational Fallout:

  • 8.5 million computers crashed globally

  • Critical infrastructure affected, including airlines, hospitals, and emergency services

  • 512 U.S. flights canceled

  • Surgical procedures postponed

  • Temporary disruptions to 911 systems

Strategies:

  • CrowdStrike swiftly identified the issue and deployed a fix within hours.

  • Created a centralized communication hub with technical details, remediation instructions, and frequent updates.

  • Emphasized that the outage was not a security breach to maintain customer trust.

Bottom Line

The 2024 cyber incidents involving Change Healthcare and CrowdStrike serve as stark reminders of the evolving threat landscape. As we move forward, organizations must adopt a holistic approach to cybersecurity, encompassing:

  1. Comprehensive risk assessment and management

  2. Investment in robust, redundant systems

  3. Regular testing and updating of incident response plans

  4. Fostering a culture of cybersecurity awareness

  5. Collaboration with industry peers and government agencies

By learning from these incidents and implementing proactive measures, businesses can better prepare for and mitigate the impact of future cyber threats.

Note: This analysis is for informational purposes only and does not constitute financial or investment advice. If you observe any errors in numbers, figures, or other information presented here, please email me at [email protected].