HHS generally does not rush to issue any notice about a cyberattack, but today, they issued a quick one about Change Healthcare:
U.S. Department of Health and Human Services (HHS) is aware that a cyber incident was identified in Optum Insight’s Change Healthcare’s technology systems on February 21. HHS is working closely with Optum Insight to assess the cyber incident and its impact on patient care. The incident is a reminder to all healthcare providers and contractors to stay vigilant. Please visit the HPH Cyber Performance Goals website for more details on steps to stay protected.
It is now Day 2 since Change Healthcare first reported a “connectivity issue” that was widespread. Over the course of the day, they changed their wording to reveal that they were dealing with a cyberattack that led them to disconnect systems proactively. By today, the situation was still not resolved, with about 120 Change Healthcare applications affected*. Their last system update was at 10:45 EST this morning:
Change Healthcare is experiencing a network interruption related to a cyber security issue and our experts are working to address the matter. Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact. We will provide updates as more information becomes available.
Posted 8 hours ago. Feb 22, 2024 – 10:47 EST
The lack of any ETA to restore services does not bode well. Patient care is already reportedly being impacted as pharmacies struggle to fill prescriptions. The attack is reportedly already impacting military clinics and hospitals worldwide and retail pharmacies nationally.
Yesterday, UnitedHealth Group submitted an 8-K filing with the SEC that reported that they identified a suspected nation-state associated threat actor:
Item 1.05. Material Cybersecurity Incidents.
On February 21, 2024, UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident.
The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time. The Company has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies. At this time, the Company believes the network interruption is specific to Change Healthcare systems, and all other systems across the Company are operational.
During the disruption, certain networks and transactional services may not be accessible. The Company is providing updates on the incident at https://status.changehealthcare.com/incidents/hqpjz25fn3n7. Please access that site for further information.
As of the date of this report, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
*This incident affects: Change Healthcare Enterprise, Clinical Network (Clinical Document Collector API, Clinical Exchange, Clinical Exchange Channel Partners including ePrescribe and Orders & Results, Clinical Exchange Labs and Hospitals, CommonWell, Connectivity Gateway), Cost Transparency (Predictive Engagement, Provider Directory, True View), Dental Network (Credentialing Advocate Solution, Dental Claim Attachments, Dental Connect, Dental Credentialing Manager, Dental EDI Network, Dental Practice Analytic Insights, Dental Revenue Cycle Insights, SimpleAttach Solution), Eligibility & Enrollment (Dual Enrollment Advocate & Recert Complete, My Advocate, Part D Complete & Community Advocate, SSI Enrollment Advocate), Medical Network (Advanced Claim Management, Batch Claims, Claiming & Remittance, Claims Automation, Eligibility & Patient Access, ERA Transactions, Medical Claim Attachments, Paper-to-EDI, Payer Connectivity Services, Payer Data Services, Payer Finder website and API, Real-time Eligibility Transactions, Revenue Analytics), Medical Network APIs (Claims Responses and Reports API, Claims Status API, Eligibility API, Institutional Claims API, Payer Finder API, Professional Claims API), Medical Record Retrieval & Clinical Review (Clinical Abstraction, Medical Record Retrieval, Risk Adjustment Coding), Member Engagement & Experience (Interoperability API Connector, Member Payments, Smart Connect, Smart Appointment Scheduling, & Clinical Care Visits), Patient Engagement & Experience (Shop Book and Pay, Virtual Front Desk), Pharmacy Benefits & TPA (Medicaid Pharmacy Benefits Services, Smart Commercial Pharmacy Services), Provider Network Optimization (Contract Manager, Provider Manager, Reimbursement Manager), Revenue Cycle Management (AccuPost, Acuity Revenue Cycle Analytics, Ahi Lobby, AhiQA, Ambulatory Claims Manager, Assurance Reimbursement Management, Claims & Denials Advisor, Claims & Denials Management, Clearance Patient Access Suite, Financial Clearance, National Payments Connector, Patient Engagement Suite, Reporting & Metrics, Revenue Integrity, Revenue Performance Advisor), Risk Adjustment & Quality (Compliance Reporter, Dx Gap Advisor, Edge Complete, EMR Risk Advisor, Encounter Complete, Risk View), Value-Based Care (Business Process as a Service (BPaaS), Episode Manager, HealthQx, Prometheus Analytics, Risk Manager, Third-Party Administration, Value-Based Care Transformation Services), Customer Portals (Client Access System, ConnectCenter, Customer Care Hub, Customer Connection, Download Central, Download Connect, Enrollment Central, Vision), Payer Communications and Payment Services (Communications Complete – Payer, Payer Communications and Print, Payer Enrollment Services, Payment Network Advocate, Settlement Advocate), Provider Communications and Payment Services (Communications Complete – Provider, Member Correspondence Advocate, Patient Billing & Statements, Payment Automation, SmartPay for Providers, SmartPay Payment Integration, SmartPay Plus for Providers), Clinical Decision Support (InterQual® Coordinated Care, InterQual® Customize, InterQual® Review Manager – Hosted, InterQual® Government Services), and Pharmacy Solutions (MedRx, Network Solutions, Revenue Cycle Management, Rx Assist, Rx CardFinder Services, Rx Connect Solution, Rx Edit, SelectRx, UPBS Analytics website, UPBS Claims Manager website, UPBS Claims Processing, UPBS Configuration Manager website, Vaccination Record).
Update of February 23
Change Healthcare’s most recent status update:
Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter. Once we became aware of the outside threat, and in the interest of protecting our partners and patients, we took immediate action to disconnect Change Healthcare’s systems to prevent further impact. This action was taken so our customers and partners do not need to. We have a high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue.
We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.Posted Feb 23, 2024 – 18:32 EST