Pharmacies across the United States are still grappling with substantial disruptions following a cyberattack on UnitedHealth’s technology unit, Change Healthcare, as reported by multiple pharmacy chains through official statements and on various social media platforms. The attack led to a nationwide outage of a network designed to communicate data between healthcare providers and insurance companies.
According to a filing last Thursday with the Securities and Exchange Commission (SEC), UnitedHealth discovered a “suspected nation-state associated cyber security threat actor” had access to subsidiary Change Healthcare’s systems on Wednesday.
The healthcare technology company, a part of Optum and owned by UnitedHealth Group, shared in a statement on its website on Monday that it had taken “immediate action to disconnect Change Healthcare’s systems to prevent further impact in the interest of protecting our partners and patients.” It further listed more than 100 Change Healthcare services that were impacted by the attack, including benefits verification, claims submission, and prior authorization.
In an email to Fast Company, Change Healthcare provided this update: “Since identifying the cyber incident, we have worked closely with customers and clients to ensure people have access to the medications and the care they need. We also continue to work closely with law enforcement and a number of third parties, including Mandiant and Palo Alto Networks, on this attack against Change Healthcare’s systems. We appreciate the partnership and hard work of all of our relevant stakeholders to ensure providers and pharmacists have effective workarounds to serve their patients as systems are restored to normal. As we remediate, the most impacted partners are those who have disconnected from our systems and/or have not chosen to execute workarounds.”
Despite the widespread disruption, including prescription delays and frozen services at numerous pharmacies across the United States, the media response to the news has been noticeably low-key. As one contributor to a cybersecurity-focused Reddit forum posed, “I get that it will take some time before this gets to a critical mass of impacting the general public. Also, I suspect the impacted age group so far is skewed above the social media age. Still, it seems like a big story of a single point of failure regardless of what the root cause ends up being.”
Healthcare services, as part of an ongoing digital transformation, are gradually integrating technology into their processes and patient care. This shift has increased the importance of easily accessible and shareable patient data, making healthcare services particularly attractive to would-be cyberattackers. As data systems become crucial for hospital operations, some may prefer paying a ransom to restore functionality rather than risking losing access to their digital networks.
This vulnerability leaves hospitals exposed to cyberattacks, and even if a ransom is paid, there is no guarantee that attackers have deleted stolen data. Furthermore, hospitals must navigate the legal obligation to disclose data breaches, placing the responsibility squarely on their shoulders in dealing with such attacks.
Recognize your brand’s excellence by applying to this year’s Brands That Matter Awards before the final deadline, June 7.
Sign up for Brands That Matter notifications here.
