With nearly $6 million coming to New York communities to help upgrade cybersecurity, recent developments show why that money is needed.

A major cyberattack last week forced pharmacies across the state to scramble to continue filling health care prescriptions. Pharmacies are among those facing cybersecurity breaches in health care.

A Woodstock pharmacist said a cyberattack on Feb. 21 brought "chaos" for pharmacies across the country and New York, and took a health care provider offline.

“We can't bill prescription claims," Village Apothecary owner Neal Smoller said. "We can't transmit claims for insurance and we can't work.”


What You Need To Know

  • A major cyberattack brought Change Healthcare offline, affecting pharmacies around the nation

  • Change is the claims and payment division of United Healthcare

  • Change remains offline nearly a week later, with no estimated return or confirmation that patient data was involved

The attack targeted Change Healthcare, a branch of United Healthcare. Change handles insurance claims and payment, a role known as a “switch.”

In a filing by United, they blamed the attack on a “nation-state associated actor.”

Change Healthcare remains offline nearly a week later, with no estimated return or confirmation that patient data was involved. Smoller’s pharmacy had to switch to a different provider in order to continue filling out prescriptions.

“That only works on the main part of our business, which is transmitting the claims to the insurances," he said of the change. "There are other benefits that switches provide that we don't have access to still, which really impacts business.”

Smoller said those other impacts include not being able to check patient's eligibility for prescriptions and vaccines, unless he physically calls their insurance company.

According to cybersecurity expert TJ Sayers, cyberattacks on health care providers are increasing because they’re enticing targets. He says the best things providers can do to not be a victim include fixing vulnerabilities quickly and training users.

“They're still getting in through some type of social engineering tactic," said Sayers, the director of intelligence and incident response at the Center for Internet Security. "Getting someone to send money, getting them to click on a link, or something like that. So end-user training is really, really key.”

Soon, Village Apothecary will have to look to hire a cybersecurity expert to protect their systems. But Smoller said the attacks reveal the weakness of having large health care conglomerates playing such a huge role.

“I mean, I hope this brings to light the idea of, like, what are the different parts to this?" he said. "Some people haven't heard of switch companies before. People may not even have heard of PBMs, pharmacy benefit managers. This idea of vertical integration and putting all of our eggs in one or few baskets really, really scares me.”