DALLAS – It’s been almost a year since the cyber-attack on Change Healthcare, a subsidiary of United Health. According to a report from the House Committee On Energy & Commerce, the attack created a backlog of unpaid claims and left doctors’ offices and hospitals with cashflow problems—threatening patients’ access to care.

“Cyber-attacks will continue to be part of our businesses and something we need to be better prepared to handle,” says Seth Weinstein (pictured), vice president of Finance, Medical Service Company, and presenter at next month’s Medtrade. “My educational session [How To Be Prepared For The Next Cyber Attack] at Medtrade will give you tips on how to best position your business with the reporting/analytics and processes for when the next cyber-attack hits.”

The educational session is perfect for providers who are looking to learn about:
• the critical role of clear communication during any incident;
• practical strategies for data assessment and standardization, leading to a reduced risk of prolonged business interruption; and
• actionable steps to build a more resilient HME cybersecurity posture.

Medtrade Monday sat down with Weinstein to learn more about the specific concerns from last year, as well as some tips that providers can use to prepare.

Medtrade Monday: What was your initial reaction to the Change Healthcare cyber-attack?
Weinstein: Like many others, my initial reaction to the Change Healthcare situation was muted. We saw a message about processing delays and assumed it was a short-term issue. It wasn’t until the weekend that the gravity of the situation—a full-blown cyberattack with potentially long-term consequences—became apparent. The potential impact on patient care and our business, including cash flow, was deeply concerning

Medtrade Monday: Can you reveal one of your tips and explain why it’s important?
Weinstein: A key tip is to thoroughly vet your technology vendors. Requesting a SOC 2 report is vital. This independent audit provides valuable insights into a vendor’s security practices, helping you understand and mitigate the risks associated with using their technology. It’s like getting a security checkup for your partners.

Medtrade Monday: What types of professionals should attend your educational session?
Weinstein: This session isn’t a highly technical cybersecurity deep dive. I’m not a cybersecurity expert myself, and I’m designing this session to be accessible to everyone, regardless of their technical background. While we’ll touch on practical steps like multi-factor authentication and vendor security reports (like SOC 2), the core focus is on communication.

Attendees will gain practical strategies for effectively communicating about complex cyber events, particularly in times of crisis. I’ll be sharing real-world examples from Medical Service Company’s experience navigating the Change Healthcare cyberattack, highlighting how clear and intentional communication with vendors, partners, and employees was crucial for maintaining trust and confidence.

The goal is to equip attendees with the tools and confidence to explain complex situations to non-IT staff, billing experts, or other stakeholders. While we can’t predict the next cyberattack, I want everyone to understand the vital role communication plays in any adverse event and be prepared to act accordingly.

Medtrade Monday: What’s your level of optimism or pessimism regarding future cyber-attacks?
Weinstein: While I’m not a cybersecurity expert, it’s clear that cyberattacks are a persistent and evolving threat. We have to operate under the assumption that they will continue to occur, with varying levels of impact. The increasing sophistication of social engineering and the use of AI to create convincing simulations are particularly concerning.

Medtrade Monday: Can you share an example of something like that?
Weinstein: I’ve gotten text messages supposedly from our CEO, Josh Marx, asking me to pay consultants in Apple gift cards. Sorry scammers, that’s not going to work, but it highlights the lengths these attackers will go to. Advancements in AI and quantum computing will increase such risks. The takeaway isn’t pessimism or optimism, but preparedness. We need to focus on building resilience and ensuring we have robust communication plans in place to mitigate the impact of future attacks.

Click Here to register for Medtrade, scheduled for Feb. 18-20, 2025 at the Kay Bailey Hutchison Convention Center in Dallas.