UnitedHealth Blamed ‘Nation-State’ threat in attack that caused outage at Change Healthcare and disrupted pharmacy orders nationwide
A cyberattack against a division of UnitedHealth Group Inc. has caused a nationwide outage of a computer network that’s used to transmit data between health-care providers and insurance companies, rendering some pharmacies unable to process prescriptions, according to the company and reports from affected organizations.
UnitedHealth, the country’s largest health insurer, found a “suspected nation-state associated cyber security threat actor” had access to subsidiary Change Healthcare’s systems on Feb. 21. Change Healthcare, which is part of UnitedHealth’s Optum information technology division, is a key intermediary in the $1.5 trillion US health insurance market.
UnitedHealth said in a statement Thursday that the cyberattack and related “network interruption” only impacted Change Healthcare and that all its other systems are operational, but that it had prompted the company to disconnect them from other parties. Subsequently, a representative of the American Hospital Association published an alert to the group’s roughly 5,000 member hospitals and other health-care providers advising them to disconnect their systems from Change Healthcare,
The incident is the latest in a series of attacks where hackers have compromised providers of back-end IT software and services — companies that are often little-known outside of their industries yet play critical roles in the normal functioning of everything from financial markets to government services — and triggered cascading disruptions across their customer bases.
