UnitedHealth Group’s Change Healthcare continues to work to restore systems and resume normal operations after a cyberattack.
“The disruption is expected to last at least through the day,” the company said in an update posted Friday (Feb. 23) at 9:54 a.m. Eastern time. “We will provide updates as more information becomes available.”
Change Healthcare posted its first update reporting connectivity issues Wednesday (Feb. 21) at 2:15 a.m. EST, saying that “some applications are currently unavailable” and that the company was triaging the issue.
UnitedHealth Group identified the cyberattack Wednesday, finding that a “suspected nation-state associated cybersecurity threat actor” gained access to some of its Change Healthcare IT systems, according to a Thursday (Feb. 22) filing with the Securities and Exchange Commission.
Immediately upon finding the attack, UnitedHealth Group isolated the affected systems from other connecting systems to contain the threat, according to the filing.
The company said only its Change Healthcare systems are affected, and its other systems remain operational, according to the filing. On the systems that are impacted, some networks and transactional services are not operational.
“The company is working diligently to restore those systems and resume normal operations as soon as possible but cannot estimate the duration or extent of the disruption at this time,” the filing said.
The company has retained security experts, is working with law enforcement, and has notified customers, clients and certain government agencies, per the filing.
The cyberattack has affected several pharmacies.
TechCrunch reported Thursday that one pharmacy said it couldn’t process prescriptions through patients’ insurance due to the outage.
Change Healthcare is a healthcare technology company offering the U.S. healthcare system a platform that uses data and analytics to improve clinical, financial, administrative and patient engagement outcomes.
It was reported in June that cyberattacks on American hospitals are growing in number and sophistication. As of that time, 226 digital attacks affecting 36 million people had taken place in the first half of 2023, according to John Riggi, the national adviser for cybersecurity and risk at the American Hospital Association.