Key Points:
- Pharmacies across the U.S. face prescription processing challenges due to a cyberattack on UnitedHealth’s Change Healthcare unit.
- UnitedHealth disclosed the cyberattack in a regulatory filing, attributing it to a suspected nation-state-sponsored threat actor.
- Change Healthcare reassured that the attack was isolated within its network and that efforts were underway to restore operations.
- The American Hospital Association advised medical facilities to disconnect from UnitedHealth’s network as a precautionary measure.
Pharmacies across the United States are facing challenges in getting prescriptions to patients due to a cyberattack on a unit of UnitedHealth, impacting the processing of prescriptions for insurance coverage.
In a regulatory filing on Thursday, UnitedHealth disclosed that its Change Healthcare business, responsible for processing prescriptions for tens of thousands of pharmacies nationwide, was targeted by hackers, leading to system compromises. The cyberattack was detected on Wednesday, and the company anticipated its effects to extend throughout Thursday.
As a result of the cyberattack, some pharmacies experienced difficulties in processing prescriptions to insurance companies for payment. For instance, the Naval Hospital in Camp Pendleton, California, announced on social media that it could not process any prescription claims due to the ongoing issue. Similarly, Evans Army Community Hospital in Colorado reported delays in processing and dispensing orders due to the outage, impacting pharmacy operations.
GoodRX, a platform offering prescription discounts, also acknowledged disruptions in its services, attributing them to the external issue affecting multiple providers. Even smaller pharmacies, like Moffet Drug in Norton, Kansas, took to social media to inform customers about the disruptions in their services caused by the cyberattack.
In its SEC filing, UnitedHealth suggested that the cyberattack might be the work of a nation-state-sponsored threat actor. The company stated that it had isolated the affected systems, notified law enforcement, and worked swiftly to restore operations.
Change Healthcare has reassured that the attack appeared contained within its network and had not spread to other parts of UnitedHealth Group. However, the disruption was expected to persist throughout the day, with ongoing efforts to resolve the issue.
Given the severity of the cyberattack, the American Hospital Association advised medical facilities to disconnect from UnitedHealth’s network as a precautionary measure to prevent exposure to the same attackers.
The incident underscores the vulnerability of healthcare systems to cyber threats and highlights the importance of robust cybersecurity measures in safeguarding sensitive patient data and maintaining critical healthcare services.
