Restoring Change Healthcare Systems Targeted for Mid-March
UnitedHealth Group has announced its expectation to fully restore Change Healthcare’s systems by mid-March, potentially resolving the ransomware attack that disrupted crucial operations within the U.S. healthcare system. The cyber threat actor breached part of Change Healthcare’s information technology network on February 21, prompting UnitedHealth to isolate and disconnect the affected systems immediately upon detection, as revealed in a filing with the Securities and Exchange Commission.
While these measures were taken promptly, the disconnection disrupted vital services, including pharmacy operations, payment platforms, and medical claims processes. In response, UnitedHealth has made progress in restoring functionality. Electronic prescribing is fully operational, and payment transmission and claim submissions are available. The company anticipates restoring electronic payment functionality by March 15 and will begin testing connectivity with its claims network and software on March 18.
UnitedHealth has emphasized that there is no indication that any other systems within the company were compromised during the attack. CEO Andrew Witty expressed the company’s commitment to providing relief for those affected by this malicious assault on the U.S. health system.
Recognizing the challenges healthcare providers face due to the attack, UnitedHealth has introduced a temporary funding assistance program. This program aims to help providers experiencing cash flow issues by advancing funds each week. The company acknowledges that this assistance may not meet the needs of every provider. As a result, it is expanding the program to include those who have exhausted all available options and work with a payer that has chosen not to advance funds during the period when Change Healthcare systems remain down. Theances will not require repayment until claims flows return to normal.
In late February, Change Healthcare identified the ransomware group Blackcat as the perpetrator of the cyber attack. Blackcat, also known as Noberus and ALPHV, steals sensitive data and threatens to publish it unless a ransom is paid. The U.S. Department of Justice highlighted Blackcat’s activities in a December release. The specifics of the compromised data and whether a ransom was paid to restore systems remain undisclosed by UnitedHealth in their recent release.
Comment Template