What’s new. After the 2024 ALPHV/BlackCat attack, 2025 notices show continued remediation and consumer support windows (including deadlines for credit monitoring enrollment). HHS’s FAQ and Change Healthcare’s updates outline impacts and assistance programs as the incident’s scope and notifications evolved through 2025.
Why it matters. It’s the modern reality of healthcare cyber risk: deep supply-chain interdependencies and patient-care disruption measured in weeks, not hours.
Blade’s POV: what to do now.
- Demand business-continuity SLAs and tabletop pharmacy/claims outages.
- Enforce third-party MFA, machine identity controls, and data-minimization on connected payers/processors.
- Build “care-through-downtime” runbooks that bypass single chokepoints.
Image brief. Neutral hospital corridor / signage or Change Healthcare wordmark (editorial). (Example shown above.)
