Photo: HIMSSMedia
Fallout from Wednesday’s cybersecurity attack on Change Healthcare continued into the weekend, with no reported end to the disruption to its own and other healthcare systems.
On Friday, AHA President and CEO Rick Pollack called such cyberattacks, “threat-to-life crimes.”
Pollack held a call with hospital leaders on Friday, he said.
UnitedHealth Group said it had identified a suspected nation-state associated cybersecurity threat actor that had gained access to some of the Change Healthcare information technology systems, according to a regulatory filing Thursday with the Securities and Exchange Commission. “The company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time.
“At this time, the company believes the network interruption is specific to Change Healthcare systems, and all other systems across the company are operational. During the disruption, certain networks and transactional services may not be accessible.”
UnitedHealth Group is the parent company of Optum, which acquired Change in 2022.
On Saturday, the Optum status report posted information that was relatively unchanged since Wednesday.
“Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter. Once we became aware of the outside threat, and in the interest of protecting our partners and patients, we took immediate action to disconnect Change Healthcare’s systems to prevent further impact. This action was taken so our customers and partners do not need to. We have a high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue,” the status report said.
“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.”
WHY THIS MATTERS
The disconnection of Change Healthcare’s systems could affect hospitals, according to the AHA.
Pollack said Friday, “The cyberattack may carry serious repercussions across the wider healthcare field.”
Numerous hospitals, insurers and pharmacies use the healthcare technology services provided by Optum and Change. Optum is a major provider of services in technology, data, pharmacy care and direct healthcare.
Change Healthcare provides prescription processing services through Optum, which supplies technology services for more than 67,000 pharmacies and care to 129 million individual customers.
The Wall Street Journal reported on Friday that healthcare organizations were being forced to revert to manual procedures after Change disconnected services.
Pharmacy services have reportedly been disrupted. CVS told Forbes the attack was impacting certain business operations but said there was no indication that its systems had been compromised.
“Due to the sector wide presence and the concentration of mission critical services provided by Optum, the reported interruption could have significant cascading and disruptive effects on revenue cycle, certain healthcare technologies and clinical authorizations provided by Optum across the healthcare sector,” the American Hospital Association said on Thursday in a cybersecurity advisory.
The AHA advised all healthcare organizations that were disrupted or potentially exposed to Change Healthcare’s cybersecurity incident to disconnect from Optum.
THE LARGER TREND
UnitedHealth said in the SEC filing Thursday, “Immediately upon detection of this outside threat, the company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident.”
It also said that as of the date of this report, UnitedHealth has not determined the incident is reasonably likely to materially impact the company’s financial condition or results of operations.
ON THE RECORD
AHA President and CEO Rick Pollack said Friday, “This week’s cyberattack on Change Healthcare, one of the nation’s largest healthcare technology companies, is yet another unwelcome reminder of the ability of cybercriminals to take advantage of our mission of caring by disrupting daily operations.
“These are threat-to-life crimes, and the AHA has been at the forefront of the effort to fight back, working closely with federal agencies and the hospital field to build trusted relationships and channels for the mutual exchange of cyber threat information, risk mitigation practices and resources to implement these practices.”
Email the writer: SMorse@himss.org
“Digital Twins in Healthcare: The Next Level in Medical Simulation” is scheduled for Tuesday, March 12, 4:15-5:15 p.m. ET, in W304A at HIMSS24 in Orlando. Learn more and register.
HIMSS Media