UnitedHealth Group hopes to restore Change Healthcare’s systems by mid-March, potentially resolving the ransomware outbreak that has crippled critical operations in the US healthcare system.
According to a Securities and Exchange Commission filing, the business learned that a cyber threat actor infiltrated a portion of Change Healthcare’s information technology network on February 21.
According to the complaint, UnitedHealth isolated and disconnected the impacted systems “immediately upon detection” of the attack, although this caused interruptions in pharmacy services, payment platforms, and medical claims processing.
UnitedHealth announced Thursday that electronic prescribing is “now fully functional,” with payment transfer and claim submissions now available. The business expects electronic payment functionality to be restored by March 15, and will begin testing connectivity with its claims network and software on March 18.
According to the company’s press release, there is “no indication” that any other UnitedHealth systems were affected during the incident.
“We are committed to providing relief for people affected by this malicious attack on the U.S. health system,” UnitedHealth CEO Andrew Witty stated in the announcement.
On Friday, UnitedHealth announced a temporary funding assistance program to aid health-care providers facing cash flow issues as a result of the attack. The business announced Thursday that it is giving “further funding solutions” for providers, which would include “advancing funds each week.”
UnitedHealth acknowledged that the program does not meet the needs of all providers, so it is expanding it to include those “who have exhausted all available connection options, and who work with a payer who has opted not to advance funds to providers during the period when Change Healthcare systems remain down,” according to the release.
UnitedHealth stated that the advances will not have to be repaid until claims flows return to normal.
Change Healthcare confirmed in late February that the cybersecurity attack was carried out by the ransomware gang Blackcat. Blackcat, also known as Noberus and ALPHV, takes sensitive material from organizations and threatens to expose it unless a ransom is paid, according to a December press release from the US Department of Justice.
Ransomware attacks are especially dangerous in the healthcare sector because they can cause instant harm to patients’ safety when life-saving systems fall down. UnitedHealth did not clarify in the announcement what type of data was compromised in the incident or whether it paid a ransom to restore its systems back up.
