Change Healthcare cyberattack causes nationwide pharmacy delays


US health technology giant Change Healthcare fell victim to a suspected nation-state cyberattack Wednesday, forcing a system-wide shutdown. Now delays are being reported at pharmacies across the nation.

The Tennessee-based Change Healthcare is now the second subsidiary of Optum, a health technology solutions firm and a division of UnitedHealth Group, to be hit with a suspected cyberattack in the past four months.

The company's popular health IT services, including its payment and billing management platform, are used by thousands of healthcare facilities and their patients, making it one of the largest health technology firms in the US.


Change Healthcare also provides software systems for clinical services used by medical professionals, as well as a membership platform for patient services. Altogether, the company has access to tens of millions of patient records, a boon for cybercriminals looking to cash in.

Nation-state attack likely

UnitedHealth filed a disclosure with the US Securities and Exchange Commission (SEC) late Thursday, revealing “a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems.”

[Image: UnitedHealth SEC filing. Source: US Securities and Exchange Commission 8K filing by UnitedHealth Incorporated]

"The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time," the 8K filing said.

Optum has also been providing updates on its website since the “cyber security issue” was first identified by the company in the early morning hours of February 21st – posting its latest update Thursday, February 22nd at 6:28 p.m. EST.

“Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter,” Optum said in a statement sent to Cybernews addressing the attack.

“Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact,” the company said.


Meanwhile, Optum has listed dozens of applications and transactional services that are no longer accessible to clients in order to isolate the attacker and foster remediation.

From Clinical Exchange Labs and Hospitals, Dental Practice Analytic Insights, and Patient Billing & Statements, to Smart Commercial Pharmacy Services, Vaccination Record, Third-Party Administration, and UPBS Claims Processing, the list seems endless.

[Image: Change Healthcare applications affected]

UnitedHealth said it had brought in outside security experts and was working with law enforcement, clients, and certain government agencies.

Pharmacies impacted nationwide

Several pharmacy chains, including major retailers CVS Health, Walgreens, and Publix Supermarkets, have already reported slowdowns.

Many pharmacies have reported being unable to process insurance claims through their systems, leading to the backup.

Social media lit up with users all over the country Thursday complaining they could not fill their prescriptions.

“I have been trying all over Tucson, az to get my prescriptions filled, but it seems that all the pharmacies are down. Albertsons, Safeway, Walmart, cvs, and Walgreens,” one user posted on X on Thursday.


Another user wrote on X, “My fiancé works at Walgreens in the pharmacy, and they had problems with insurance not going through and putting prices on prescriptions. It was evidently a lot more than just the phones!!”

CVS, which runs 9,000 pharmacies across the US, put out a statement saying it was “committed to ensuring access to care as we navigate through this interruption.”

Reuters was the first to report, citing an unnamed source, that a "regional hospital system in Pennsylvania was also being disrupted," possibly a sign of things to come as the damage unfolds.

Health data at risk

The 8K filing and earlier updates by Optum indicated that the incident was specific to Change Healthcare and that all other UnitedHealth Group systems have not been affected.

Optum also told Cybernews it expected the disruption to last “at least through the day,” but that timeline seems unlikely: it can often take weeks, if not months, to completely restore a system after an attack, as UnitedHealth confirmed in the SEC filing.

[Image: Optum Change Healthcare statement. Source: Optum.com]

This past November, Crystal Run Healthcare, a New York-based multi-specialty medical group, also acquired recently by UnitedHealth and Optum, experienced “system issues impacting some of our services.”

Crystal Run happens to be one of the first medical practices in the US to implement electronic health records (EHR) for optimizing patient information and sharing among medical staff and facilities.

The Optum-owned healthcare group, which serves 400,000 patients spanning a multitude of medical and surgical specialties, had stopped short of identifying the outage as a cyberattack at the time, and eventually, services were restored.


Last summer, UnitedHealth Group – the parent company of Optum and United Healthcare, the fifth largest health insurance company in the US – became the biggest and most profitable healthcare conglomerate in America, according to industry reports.

Optum said it will continue to provide updates on its website as more information becomes available.