U.S. health insurance giant UnitedHealth Group has revealed that its subsidiary Change Healthcare was compromised in a cyberattack, likely orchestrated by government-backed hackers. The ongoing cybersecurity incident has led to significant disruptions, with no clear timeline for when systems will be restored.
Key Takeaway
UnitedHealth Group’s subsidiary, Change Healthcare, has fallen victim to a cyberattack attributed to suspected nation state hackers, causing widespread disruptions in the U.S. healthcare system and impacting millions of patient records. The company’s response includes engaging security experts and collaborating with law enforcement, but the timeline for system restoration remains uncertain.
UnitedHealth Group’s Allegation
In a filing with government regulators, UnitedHealth Group attributed the cyberattack on Change Healthcare to suspected nation state hackers. However, the company did not specify the nation or government involved, nor did it provide evidence to support its claim. Despite the severity of the situation, a company spokesperson remained unavailable for comment at the time of writing.
Impact on Healthcare System
Change Healthcare, a key player in patient billing across the U.S. healthcare system, processes billions of healthcare transactions annually and handles approximately one-third of U.S. patient records, impacting around a hundred million Americans. The cyberattack, which commenced early Wednesday, has not been fully disclosed in terms of its specific nature.
Pharmacy Outages
The repercussions of the cyberattack have extended to pharmacies nationwide, causing disruptions in prescription fulfillment through patients’ insurance. Change Healthcare’s outage has significantly affected the billing process, leading to downtime for numerous healthcare professionals and organizations. The company’s incident tracker indicates the widespread impact of the ongoing cyberattack.
Response and Measures
UnitedHealth Group stated in its filing that it has engaged leading security experts, collaborated with law enforcement, and notified customers, clients, and relevant government agencies about the cyberattack. Despite these efforts, the company has not provided a definitive timeline for the restoration of its systems.