As per recent reports, pharmacies across the United States are experiencing significant disruptions following an alleged cyberattack on Change Healthcare, a division of Optum under UnitedHealth.
Reports indicate that a cyberattack targeting Change Healthcare, a UnitedHealth Group’s Optum subsidiary, has caused significant disruptions for pharmacies and patients in the United States.
UnitedHealth, the insurance conglomerate, has linked the extensive impact of the attack on Optum’s Change Healthcare to a nation-state threat actor.
Here are five key points about this significant cyberattack on UnitedHealth Optum.
I.T. Systems Are Down
On Wednesday, UnitedHealth Group, the insurer, revealed in a regulatory filing that Change Healthcare, a prescription processor under its Optum subsidiary, had been targeted in a cyberattack.
According to UnitedHealth’s filing with the U.S. Securities and Exchange Commission, the threat actor gained access to specific information technology systems belonging to Change Healthcare.
“In the latest statement posted on its website on Friday, Change Healthcare emphasized its immediate action to safeguard partners and patients by disconnecting its systems to prevent further impact.
This proactive measure was taken to alleviate the burden on customers and partners. The American Hospital Association, in a separate statement, highlighted Optum’s extensive presence across sectors and the critical services it offers.
The association expressed concern about the reported interruption’s potential cascading and disruptive effects, including on insurance verification, payments, and various healthcare technologies and clinical authorizations.”
Timetable For Restoration
In its latest statement on Friday, Change Healthcare indicated that the disruptions caused by the attack are anticipated to persist at least throughout the day.
The company affirmed its commitment to employing multiple strategies to restore the affected environment, emphasizing a cautious approach without compromising security.
Change Healthcare reiterated its proactive stance, stating that any suspicion of system issues would prompt immediate action, including disconnection if necessary.
Pharmacy Disruptions
According to media sources, the cyberattack’s impact on insurance processing has resulted in challenges for patients seeking to obtain prescriptions through their insurance.
The Wall Street Journal reported that local pharmacies are experiencing delays and are unable to process insurance billing for prescriptions.
CNN noted that patients are paying out of pocket to obtain essential medications.
UnitedHealth mentioned in its SEC filing that specific networks and transactional services may be inaccessible during the disruption.
Additionally, a statement from the Naval Hospital at Camp Pendleton in California revealed that the attack has affected military clinics, hospitals worldwide, and some retail pharmacies nationally.
UnitedHealth stated in its SEC filing that it has identified a suspected nation-state as the perpetrator behind the Change Healthcare cyberattack. However, it did not directly attribute the attack to any specific government.
The company emphasized its collaboration with leading security experts, law enforcement, and the notification of customers, clients, and relevant government agencies.
UnitedHealth reassured that the network interruption appears to be limited to Change Healthcare systems, with all other systems within the company remaining operational.
In its recent statement on Friday, Change Healthcare expressed confidence that the ongoing issue has not impacted the systems of Optum, UnitedHealthcare, and UnitedHealth Group.
ScreenConnect Vulnerability Blamed
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the detection of active exploits associated with the recently reported ConnectWise ScreenConnect vulnerability.
Designated as CVE-2024-1709, this vulnerability has been classified as “critical.”
S.C. Media reported on Friday that the critical ScreenConnect vulnerability was utilized in the Change Healthcare cyberattack facilitated by the deployment of LockBit malware.
ConnectWise stated to CRN that they could not confirm a direct link between the Change Healthcare incident and the ScreenConnect vulnerability at this time.
Their preliminary investigation suggests that Change Healthcare is not a direct customer of ConnectWise, and no reports have been received from their managed service provider partners indicating Change Healthcare as their customer.