UnitedHealth Group, Optum's parent company, disclosed in a Securities and Exchange Commission filing that a "suspected nation-state associated cybersecurity threat actor" is behind a recent cyberattack on Change Healthcare.
The healthcare giant said they identified the actor on Wednesday, Feb. 21 and moved quickly to isolate the effected systems.
"On February 21, 2024, UnitedHealth Group identified a suspected nation-state associated cybersecurity threat actor had gained access to some of the Change Healthcare information technology systems," the company wrote. "Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident."
UHG said it is working to restore the impacted systems but does not have a definite timeline for the length of any disruption. UnitedHealth added that it "has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies."
The company said it is unclear at present how the cyberattack could impact its earnings. Dean Unger, vice president and senior credit officer at Moody's Investors Service, said in a statement that the situation would likely be credit negative.
The American Hospital Association is recommending that its members consider disconnecting from Optum's services until a cybersecurity incident at its Change Healthcare arm is resolved.
The AHA posted on its website that the cyberattack could have significant impacts on providers, and so disconnecting from Optum is "in the interest of protecting our partners and patients" if a facility is at risk of being effected.
"Due to the sector wide presence and the concentration of mission critical services provided by Optum, the reported interruption could have significant cascading and disruptive effects on revenue cycle, certain health care technologies and clinical authorizations provided by Optum across the health care sector," AHA said.
The AHA is also suggesting that its members develop contingency plans should Change Healthcare's systems remain down for a significant amount of time.
As of Friday morning, Optum reported that it believed the disruption from the attack will continue through the day.
Change Healthcare is mitigating a "cybersecurity issue" that began Wednesday, and details remain scant.
The company, now a subsidiary of UnitedHealth Group's Optum, disclosed Wednesday afternoon that it was experiencing connectivity issues that were later updated to be "enterprise-wide." Late Wednesday, the company confirmed that the issues were caused by a cybersecurity concern.
Optum last updated the situation late this morning, saying the incident appears to be isolated to Change Healthcare's platforms and that it had not spread to other segments of UHG.
"Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter," the company said. "Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact."
Change Healthcare provides the technology for revenue cycle and payment management to multiple sectors within the healthcare industry. It joined the fold at UnitedHealth Group in the fall of 2022 after clearing a legal challenge to the $8 billion deal.
Change processes 15 billion healthcare transactions each year, and its "clinical connectivity solutions" touch a third of U.S. patients, according to the company's website.
https://www.fiercehealthcare.com/payers/optums-change-healthcare-responding-cybersecurity-issue
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.