Take a Lesson from Change Healthcare

By Diane Evans

Change Healthcare issued a statement last week, saying it has substantially completed its review of last year’s data breach that impacted an estimated 100 million individuals.  The lesson learned:  Regardless of your size, you need to be diligent in uncovering all your data risk points to the extent possible. And don’t assume IT has you covered.


Change Healthcare, it turns out, left an opening for a cyber attack, resulting in the mass theft of names, Social Security numbers, driver’s license numbers, health insurance information and more.


As reported on the website of The Journal of the American Medical Association (JAMA), the attack “has been attributed to the lack of multifactor authentication on a legacy server, a compliance failure.” As JAMA further observes, there is no security patch for human lapses.


Of course, missteps will always happen. The challenge is to have systems in place that reduce the likelihood of an oversight.


A diligent approach requires: 


  1. Systematic oversight of IT, with routine reporting to senior management.  Keep in mind, it’s not up to IT to decide on what to report up to leadership.  It’s up to leadership to specify the types of routine checks that must be completed and documented.


Given that network vulnerabilities commonly lead to data breaches, reports need to cover all points of potential entry into databases via networks. As a best practice, networks should be segregated to the extent possible.


  2. Thorough and well-documented risk assessment, with high priority focused on the most important data protections. In addition to network security, such priorities include prompt software updates or patch applications, well-tested data backup and incident response plans, and password security and two-factor authentication.


Think of it this way: If you rely on IT to tell you what you need to know, then that’s an upside-down approach to management. And it can get you in trouble. Take it from Change Healthcare that detail matters in managing IT assets from the top down.


Guarded Edge LLC

526 S Main St  - #104

Akron, OH 44311
