UnitedHealth working to restore Change Healthcare systems by mid-March, company says


In this photo illustration the UnitedHealth Group logo seen displayed on a smartphone screen.

Sheldon Cooper | soup images | Light rocket | fake images

UnitedHealth Group on Thursday said it hopes to restore Change Healthcare's systems by mid-March, offering a possible resolution to the ransomware attack that has disrupted crucial operations across the U.S. healthcare system.

The company discovered that a cyber threat actor breached part of Change Healthcare's information technology network on February 21, according to a filing with the Securities and Exchange Commission.

UnitedHealth isolated and took affected systems offline “immediately upon detection” of the threat, according to the document, but in doing so disrupted pharmacy services, payment platforms and medical claims processes.

UnitedHealth said in a statement Thursday that e-prescribing “is now fully functional” and that payment transmission and claims submission are currently available. The company said it expects electronic payment functionality to be restored on March 15 and will begin testing connectivity with its network and claims software on March 18.

“There is no indication” that any other UnitedHealth systems were compromised in the attack, the company said in the statement.

“We are committed to providing relief to people affected by this malicious attack on the U.S. healthcare system,” UnitedHealth CEO Andrew Witty said in the statement.

On Friday, UnitedHealth announced a temporary financial assistance program to help healthcare providers who are experiencing cash flow issues as a result of the attack. The company said Thursday that it is providing “more financing solutions” to suppliers, which will mean “advancing funds each week.”

UnitedHealth said it recognizes that the program does not meet the needs of all providers, so it is expanding the program to include those “who have exhausted all available connection options and who are working with a payer that has chosen not to advance funds to providers during the period in which Change Healthcare systems remain down,” according to the statement.

UnitedHealth said advances will not need to be refunded until claim flows return to normal.

In late February, Change Healthcare said the Blackcat ransomware group was behind the cybersecurity attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December statement from the US Department of Justice.

Ransomware attacks can be particularly dangerous in the healthcare sector, as they can cause immediate harm to patient safety when life-saving systems are shut down. UnitedHealth did not specify in the statement what type of data was compromised in the attack or confirm whether the company paid a ransom to bring its systems back online.

scroll to top