Pharmacies in Camp Pendleton, California, and Evans Army Community Hospital in Colorado were among several locations reporting disruption in prescription processing due to a cyberattack on UnitedHealth Group Inc. The company’s Change Healthcare unit, responsible for processing prescriptions for thousands of pharmacies nationwide, was compromised by hackers who gained access to its systems.
UnitedHealth Group Inc. identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. The company proactively isolated the impacted systems to contain, assess, and remediate the incident. The disruption is expected to last at least through the day, and the company will provide updates as more information becomes available.
This outage impacted the processing and dispensing of pharmacy prescriptions, resulting in delays and, in some cases, inability to process. Refills have also been impacted, causing frustration for patients and healthcare providers. GoodRX, a company offering prescription discounts, also experienced disruption in its services due to the cyberattack.
Evans Army Community Hospital in Colorado reported delays in some prescription orders, while Moffet Drug, a small pharmacy in Norton, Kansas, also suffered disruptions in its services.
The cyberattack on the UnitedHealth Group Inc. could have been sponsored by a group of hackers paid by a foreign country, as stated in the company’s filing with the Securities and Exchange Commission. The attack, resembling ransomware attacks that have caused chaos across America’s hospitals and health care networks, raised concerns about the vulnerability of critical infrastructure to cyber threats.
Change Healthcare, the targeted unit of UnitedHealth, believed the attack was isolated to its network and did not spread elsewhere. Companies are required to report cyberattacks to investors via the SEC, and it’s probable that UnitedHealth doesn’t yet know what – or who – caused the attack.
The company has isolated the attack, notified law enforcement, and is working quickly to restore its systems in light of the potential risks posed by this cyber intrusion. This incident underscores the importance of maintaining robust cybersecurity measures to safeguard essential health services against future attacks.