Minnetonka, Minnesota – Change Healthcare, a subsidiary of UnitedHealth Group, is currently facing disruptions in its systems for the fourth consecutive day following a cybersecurity incident. The parent company disclosed that a suspected threat actor had breached part of its information technology network on Wednesday. UnitedHealth, the largest healthcare company in the U.S. by market cap, owns Optum, a healthcare provider that merged with Change Healthcare in 2022.
According to a filing with the U.S. Securities and Exchange Commission, UnitedHealth identified the attacker as a “suspected nation-state-associated” actor. The company took immediate action by isolating and disconnecting the affected systems upon detection of the threat. Change Healthcare has stated that the disruption is expected to continue for at least another day, emphasizing that Optum, UnitedHealthcare, and UnitedHealth systems remain unaffected.
Despite the lack of specific details regarding the nature of the attack, companies such as CVS Health have reported disruptions in their business operations due to the incident. CVS Health mentioned that while prescription filling continues, insurance claims processing has been impacted in certain cases. The company reassured the public that its own systems have not been compromised.
In response to the cyberattack, the American Hospital Association advised healthcare organizations to disconnect from Optum until it is safe to reconnect. The AHA has been in communication with various government agencies, including the Department of Health and Human Services, the FBI, and the Cybersecurity and Infrastructure Security Agency. However, these agencies declined to provide comments on the situation.
As the investigation continues, Change Healthcare and its parent company are diligently working to restore the affected systems. They have pledged not to take any shortcuts in the recovery process to ensure the security and stability of their operations moving forward. The incident serves as a reminder of the growing cybersecurity threats facing companies in the healthcare industry and the need for robust security measures to safeguard sensitive information.