‘Nation-State’ Cyberattack Hits Change Healthcare, Disrupting Pharmacy Services Across the Country

Pharmacies across the country are facing disruptions following a cyberattack on Change Healthcare — which is owned by Optum, a subsidiary of UnitedHealth Group. In a filing with the SEC, UnitedHealth stated that the unauthorized party that gained access to Change Healthcare’s systems was a “suspected nation-state associated cyber security threat actor.”

Pharmacy chains across the country are facing disruptions due to a cyberattack on Change Healthcare, a Nashville-based company that processes patient payments for healthcare organizations.

Change Healthcare is owned by Optum, a subsidiary of insurance giant UnitedHealth Group. On its website, Change Healthcare says that it manages 15 billion transactions per year and is the country’s largest commercial prescription processor. 

On Wednesday, Change Healthcare discovered that an unauthorized party had gained access to some of its IT systems, according to a public filing UnitedHealth made with the Securities and Exchange Commission. The company immediately isolated the impacted systems from other connecting systems once it had learned of the incident, the filing stated. 

As of Friday afternoon, Change Healthcare’s systems are still offline.

UnitedHealth said it believes the cyberattack is specific to Change Healthcare and that all other systems across its enterprise are operational. 

The network interruption is affecting business operations for all military pharmacies across the world, as well as some retail pharmacies across the U.S., including CVS.

There is no indication that CVS’ systems have been compromised, and the pharmacy chain has business continuity plans in place to minimize the disruption of service, Mike DeAngelis, CVS’ executive director of corporate communications, wrote in a statement sent to MedCity News.

“We’re continuing to fill prescriptions in our pharmacies, but in certain cases, we are not able to process insurance claims, which our business continuity plan is addressing to ensure patients continue to have access to their prescriptions,” DeAngelis stated.

Walgreens spokesperson Jen Cotto told MedCity News that “the vast majority” of the company’s prescriptions are not being impacted by the cyberattack. 

“For the small percentage that may be affected, we have procedures in place so that we can continue to process and fill these prescriptions with minimal delay or interruption,” Cotto wrote.

In response to the cyberattack, the American Hospital Association urged all healthcare organizations to “consider disconnection from Optum until it is independently deemed safe to reconnect.”

In its filing with the SEC, UnitedHealth stated that the unauthorized party that gained access to its systems was a “suspected nation-state associated cyber security threat actor.” The U.S. federal government states that nation-state adversaries, including China, Russia, North Korea and Iran, “pose an elevated threat” to national security. Cybercriminals from adversary countries may use critical industries — like healthcare — as a target when waging cyberattacks against the U.S., according to the Cybersecurity and Infrastructure Security Agency.

Javvad Malik, lead security awareness advocate at cybersecurity firm KnowBe4, told MedCity News that the cyberattack on Change Healthcare “serves as a stark reminder” of the ever-present cyber threats facing the healthcare sector.

“This situation underscores the necessity for transparency in the aftermath of cyber incidents, as well as the ongoing need for investment in cybersecurity defenses, robust processes and staff security awareness and training to reduce the risk of such attacks,” he wrote in a statement. “The healthcare industry continues to be a prime target for cybercriminals — it’s crucial that healthcare providers not only react effectively to threats but also proactively work to fortify their systems against future attacks.”
