UnitedHealth Group has announced that it anticipates restoring Change Healthcare’s systems by mid-March following a ransomware attack that disrupted vital operations in the U.S. healthcare system. The cyber threat actor breached part of Change Healthcare’s information technology network on February 21, prompting UnitedHealth to isolate and disconnect the impacted systems upon detection. This action temporarily interrupted pharmacy services, payment platforms, and medical claims processes. However, as of now, electronic prescribing is fully operational, and payment transmission and claim submissions are available. Electronic payment functionality is expected to be fully restored by March 15, with connectivity testing planned for March 18. Fortunately, there is no evidence to suggest that any other UnitedHealth systems have been compromised in this attack.
UnitedHealth Group has introduced a temporary funding assistance program to aid healthcare providers experiencing cash flow difficulties due to the cyberattack. The company is offering additional funding solutions for providers, advancing funds on a weekly basis. Recognizing that not every provider’s needs are met by the program, UnitedHealth is expanding it to include those who have exhausted all options and work with payers that are not advancing funds during this time. These advances will not be required to be repaid until claims processing returns to normal.
Change Healthcare identified Blackcat as the ransomware group responsible for the cybersecurity breach in late February. Blackcat, also known as Noberus and ALPHV, is notorious for stealing sensitive data from organizations and threatening to release it unless a ransom is paid. Ransomware attacks are particularly perilous in the healthcare sector, as they can jeopardize patients’ safety by disrupting critical systems. The U.S. Department of Justice has previously warned about the dangers posed by such attacks.
UnitedHealth Group has not disclosed the nature of the compromised data or confirmed whether a ransom was paid to restore its systems. The company’s focus remains on resolving the issue and providing relief to those impacted by the cyberattack. CEO Andrew Witty reiterated UnitedHealth’s commitment to aiding individuals affected by the malicious incident and ensuring the stability of the U.S. healthcare system.
The cybersecurity incident involving Change Healthcare underscores the growing threat of ransomware attacks targeting critical infrastructure. UnitedHealth Group’s proactive response and efforts to restore its systems demonstrate its dedication to safeguarding patient information and maintaining the integrity of healthcare services. As cybersecurity threats continue to evolve, organizations must remain vigilant and implement robust measures to protect sensitive data and prevent disruptive cyber incidents.