Central Oregon Pathology Consultants has been in business for nearly 60 years, offering molecular testing and other diagnostic services east of the Cascade Range. Beginning last winter, it operated for months without being paid, surviving on cash on hand, practice manager Julie Tracewell said. The practice is caught up in the aftermath of one of the most significant digital attacks in American history: the February hack of payments manager Change Healthcare.
COPC recently learned Change has started processing some of the outstanding claims, which numbered roughly 20,000 as of July, but Tracewell doesn't know which ones, she said. The patient payment portal remains down, meaning customers are unable to settle their accounts. "It will take months to be able to calculate the total loss of this downtime," she said.
Health care is the most frequent target for ransomware attacks: In 2023, the FBI says, 249 of them targeted health institutions — the most of any sector. And health executives, lawyers, and those in the halls of Congress are worried that the federal government's response is underpowered, underfunded, and overly focused on protecting hospitals — even as Change proved that weaknesses are widespread. The Health and Human Services Department's "current approach to healthcare cybersecurity — self-regulation and voluntary best practices — is woefully inadequate and has left the health care system vulnerable to criminals and foreign government hackers," Sen.
Ron Wyden.