Change Healthcare Cyber-Attack Leads to Prescription Delays

Written by

Health tech firm Change Healthcare, part of Optum, has been hit by a cyber-attack, leading to delays in prescriptions being issued to patients.

The US-based company is providing regular updates of the incident on the website of healthcare services giant Optum, which it merged with in 2022. Optum is a subsidiary of UnitedHealth Group, which has access to around one-third of US patients and handles 15 billion healthcare transactions annually.

An initial post published at 02.15 ET on February 21 revealed that some of Change Healthcare’s applications were unavailable, with later updates describing a network interruption.

A later update at 14.09 confirmed that the disruption was caused by a cybersecurity issue, it was then revealed that the company took immediate action to disconnect its systems to prevent further impact after becoming aware of an “outside threat.”

The incident is still ongoing at the time of writing, with the latest update at 09.09 ET on February 22. Change said it expects disruption to last “at least through the day.”

The company has listed numerous applications across areas such as pharmacy, medical records, dental, payment services and patient engagement as still affected.

Reports quickly emerged of pharmacies being unable to process patient prescriptions as a result of the disruption.

Michigan-based Scheurer Health was unable to process prescriptions at any of its four locations of Scheurer Family Pharmacy “due to a nationwide outage from the largest prescription processor in North America.”

The outage was due to the inability to process prescriptions through patients’ insurance.

An update on the Facebook post revealed that Scheurer’s services are now running.

Some patients took to X (formerly Twitter) to complain to Optum about not being able to access medication, although it is not confirmed if this was a result of the network interruption.

Healthcare Sector Must Focus on Cyber Resiliency

Mickey Bresman, CEO of Semperis said he believes it is likely the incident is a result of a ransomware attack, with the healthcare sector a popular target for these groups due to the huge potential for disruption and sensitive data held.

He added that the story emphasizes the real-world consequences of cyber-attacks, particularly in critical sectors like healthcare.

“While it is too early to tell if the suspected ransomware attack on Change will affect the lives of patients in need of medications, they do reportedly process 15 billion transactions annually,” noted Bresman.

In this landscape, it is vital healthcare organizations prioritize the development and implementation of robust cyber incident response plans, according to Erfan Shadabi, cybersecurity expert at comforte AG.

“These plans serve as critical frameworks for swift and effective action in the event of a breach, minimizing the potential damage and ensuring business continuity. Furthermore, organizations must recognize the importance of investing in data-centric security measures, such as tokenization, to safeguard sensitive information effectively,” said Shadabi.

Update 1 - February 22: In an update at 11.32 ET, Optus said it believes the cybersecurity issue is specific to Change Healthcare and all other systems across UnitedHealth Group are operational.

Update 2 - February 23: The American Hospital Association (AHA) has advised that all healthcare organizations potentially exposed by this incident to disconnect their systems from Optum until it is independently deemed safe to reconnect.

What’s hot on Infosecurity Magazine?