Updated on February 27th to include new corporate statement.
A cyber attack on a division of United Healthcare, the country’s largest insurance company, disrupted prescription drug orders at thousands of pharmacies for about a week.
The attack on Change Healthcare, a division of United Airlines Optum, was discovered last Wednesday. Two senior federal law enforcement officials said the attack appeared to be of foreign origin and expressed alarm at the extent of Monday’s chaos.
This was announced by conglomerate UnitedHealth Group. in federal filings The company has been forced to disconnect parts of Change Healthcare’s vast digital network from customers, and as of Tuesday said it had not been able to restore all of those services. The company did not say when reconnection would be possible.
Change processes approximately 15 billion transactions annually, representing one in three patient records in the United States, and includes prescriptions as well as dental, clinical, and other medical needs. The company was acquired by UnitedHealth Group in 2022 for $13 billion.
This latest attack highlighted the vulnerability of medical data, particularly patient personal information, including personal medical records. hundreds of breaches Hospitals, health plans and clinics are under investigation, federal records show.
Federal officials said they were closely monitoring the situation. “This incident is yet another reminder of the interconnectedness of our nation’s healthcare ecosystem and the urgency of strengthening cybersecurity resiliency across the ecosystem,” said Jeff Nesbitt, spokesperson for the U.S. Department of Health and Human Services. ” he said. We are in contact with other federal agencies.
In this case, the turmoil spread far and wide, including to U.S. forces overseas. Change acts as a digital intermediary, helping pharmacies verify insurance coverage for patients’ prescriptions. Some reports indicate that people are being forced to pay in cash.
Last week, UnitedHealth suspended several services, including a service that allows pharmacies to quickly check patient drug costs, after discovering an “alleged state-affiliated cybersecurity threat actor” targeting Change. Some hospitals and physician groups that rely on Change to bill for payment may also be affected.
While major drugstore chains like Walgreens say it’s had limited effectiveness, many smaller companies say they rely on Change all the time to fill prescriptions for their insureds.
“For the past week, it’s been hit and miss as to whether or not we’ll be able to care for patients,” said Deird Price, who owns seven pharmacies in Kansas. Patients can pay cash if the drugs are cheap, but some customers are unable to receive more expensive treatments for the flu or coronavirus because their insurance status is unclear, he said. says.
“That’s a big mistake,” he said.
Tricare, which serves the U.S. military, said its pharmacies in the U.S. and abroad are being forced to fill prescriptions manually. It continued to warn people this week that there could be delays in getting their medicines.
“We have been working closely with our customers and clients to ensure people get the medicine and care they need,” Change said in a statement Monday night. The company said the majority of pharmacies had found a way to continue filling prescriptions, adding that billings had returned to normal levels on Tuesday.
The company said only a small portion of its customers reported problems getting the drugs.
Details about the attack are limited, including whether patients’ personal information was stolen. Change provides simple regular updates on its website. on monday, the company repeated Affected services may be unavailable for at least one more day. He also stressed that he was “highly confident” that other parts of United’s business were not targeted in the attack.
But there’s little question that United Airlines, whose vast operations touch nearly every aspect of health care, has become a particularly rich target.
“If you’re going to steal records, you want to go after the largest records you can get,” said Fred Langston, chief product officer at cybersecurity firm Critical Insight. “You’re literally hitting the jackpot.”
Langston said the attacker’s motive was not yet known. Ransomware may be involved, allowing the culprits to demand some ransom. The goal may have been to disrupt the health care system by making it harder to fill prescriptions and bill for treatment in a timely manner.
“Mission-critical services across the industry are concentrated, and that means a concentration of risk,” said John Riggi, national advisor for cybersecurity and risk at the American Hospital Association. The company advises hospitals to be careful about changes and connections with related companies.
Cliff Steinhauer, director of information security and engagement at the nonprofit National Cybersecurity Alliance, said the industry is seeing an increase in these types of attacks.
Federal authorities say major health data breaches nearly doubled from 2018 to 2022, including a spike in ransomware-related cases. According to one report, patients have to go to different facilities, resulting in delays in treatment. recent reports.
Steinhauer said that under federal law, patients must eventually be notified if their information is subject to any kind of breach. People will be alerted even if their information does not appear to be publicly available.
“It’s even worse if you find out your information is being sold on the dark web,” he says.
glen thrush and helen cooper Contributed to reporting from Washington.
