A cyberattack targeting a unit affiliated with UnitedHealthcare, the largest insurer in the United States, has caused significant disruptions in prescription drug orders at thousands of pharmacies over the past week.
The affected unit, Change Healthcare, which is a division of Optum, discovered the attack last Wednesday. According to two senior federal law enforcement officials, the attack is believed to have originated from a foreign country, raising concerns about the extent of the disruption.
UnitedHealth Group, the conglomerate that owns Change Healthcare, revealed in a federal filing that it had been forced to disconnect parts of Change’s digital network from its clients. As of Monday, the company had not been able to fully restore all disrupted services.
Change Healthcare plays a critical role in handling approximately 15 billion transactions annually, accounting for a significant portion of U.S. patient records. These transactions encompass not only prescriptions but also dental, clinical, and other medical needs.
This cyberattack highlights the vulnerability of healthcare data, especially patients’ personal information contained in their medical records. Hundreds of breaches at hospitals, health plans, and doctors’ offices are currently under investigation by federal authorities.
The disruption caused by the attack has been widespread, affecting even U.S. military operations overseas. Some reports indicate that individuals have been required to pay for their medications in cash due to the outage.
In response to the threat, UnitedHealth took swift action, shutting down several services provided by Change Healthcare. These services include systems that allow pharmacies to quickly check patients’ insurance coverage for medication costs. Hospitals and physician groups that rely on Change for billing and payment processing may also experience disruptions.
While large drugstore chains like Walgreens have reported limited effects from the attack, smaller pharmacies heavily rely on Change Healthcare’s services. Pharmacies across the country have experienced difficulties in processing prescriptions for insured patients, leading to delays in accessing essential medications.
Tricare, the healthcare program for the U.S. military, has been forced to fill prescriptions manually due to the attack’s impact on Change Healthcare’s systems. Delays in medication availability are expected to persist, prompting Tricare to issue warnings to its beneficiaries.
While the motives behind the attack are not yet known, cybersecurity experts speculate that it may involve ransomware or an attempt to disrupt the healthcare system’s operations. The concentration of critical healthcare services within UnitedHealth Group makes it an attractive target for cybercriminals.
As the healthcare industry grapples with an increasing number of cyberattacks, organizations are advised to remain vigilant and prioritize cybersecurity measures to safeguard patient data and ensure uninterrupted access to medical services.