Shared data is key to ensuring patients receive effective care – but raises the stakes for provider, payer, and vendor cybersecurity. 

By Kate Purschke | May 2024 

More than 10 weeks after the Change Healthcare cyberattack, patients, providers, and the US government are still learning about the causes and consequences of the incident. UnitedHealth Group CEO Andrew Witty testified at two congressional hearings in early May, answering questions about the massive security breach that occurred in February of this year. He admitted that despite a company-wide requirement for multi-factor authentication, the compromised Change Healthcare web portal was not equipped with this basic security feature. 

At Archetype’s recent Annual Meeting, healthcare industry experts and guest panelists Jill Angelo, Darin Buxbaum, and Nick Moriello discussed the importance of data security within healthcare companies. Not only is preventing cyber-attacks critical to protecting patient privacy – it’s also key to ensuring that providers, insurers, and other stakeholders can deliver high-quality care. 

As leaders of innovative healthcare organizations, all three speakers recognize the value of collecting and sharing data. Data allows insurers to evaluate and prioritize the solutions that are offered to members. It allows providers to measure health outcomes and ensure patient needs are met. It allows companies like Wider Circle, a neighborhood-based health organization, to understand the impact that social determinants of health have on individuals and their care needs. Seamless integration and data-sharing between these stakeholders allows them to collectively evaluate what services are most effective and what is needed to provide comprehensive, accessible care.  

The healthcare industry’s accelerating shift towards value-based care makes data collection, analysis, and sharing even more important. In a system where providers are reimbursed by payers based on the outcomes they produce, quickly and securely communicating key patient metrics will be a top priority.   

Buxbaum, Wider Circle’s CEO, emphasized that companies who use patient data need to take responsibility for protecting it. “As Americans, we care about privacy. This showed just how critical it is to making the system work.” He shared steps that organizations should take to ensure that their information is secure, including only allowing access on a “need-to-know basis” and becoming certified by HITRUST, a third-party service that assesses a company’s risk management and compliance programs. Ultimately, “a good way of looking at this is… we treat patient data like we would want our own data treated. Lock it down.” 

Wider Circle CEO Darin Buxbaum shares insights alongside fellow panelists Jill Angelo and Nick Moriello 

Beyond Change Healthcare, health-related data breaches have been rapidly increasing. In 2023 alone, an estimated 1 in 3 Americans – represented in over 133 million health records – were affected by these incidents. As Darin highlighted, recent attacks have sparked a “reckoning,” with industry leaders like UHG now under intense scrutiny. Healthcare organizations and their vendors will increasingly search for innovative technologies and processes that allow them to both safeguard information and continue to collaborate in a way that enables optimal patient care. 

Interested in hearing more of Archetype’s perspective on industry news and trends? Subscribe to our newsletter for monthly communications about what we’re watching in the market.  

Kate is an Investment Associate at Archetype, where she drives deal sourcing and execution and portfolio management. She has a BS from Georgetown University’s McDonough School of Business.