Change Healthcare brings some systems back online after cyberattack

Some of Change Healthcare’s systems are functional as of Friday, and others will be online by mid-March as the response continues to cyberattack that has disrupted operations for weeks, according to an update from parent company UnitedHealth Group.

“UnitedHealth Group continues to make substantial progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the Change Healthcare claims and payment infrastructure,” UnitedHealth said in a statement posted Thursday night.

Change Healthcare’s electronic prescribing services for pharmacies are “now fully functional,” said UnitedHealth, which owns the company through its Optum division. Pharmacy claim submission and payment transmission are available, the statement said.

Other aspects of the Change Healthcare system still need more work after a late February cyberattack disrupted it and caused problems nationwide for pharmacies, hospital systems, physician networks and other healthcare organizations. Users have been unable to properly file for and receive insurance payments.

The broader payments platform will be running again on March 15, UnitedHealth said. As for its medical claims technology, officials expect to “begin testing and reestablish connectivity” through the week of March 18.

“We are committed to providing relief for people affected by this malicious attack on the U.S. health system,” UnitedHealth CEO Andrew Witty said in the statement. “All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications. We’re determined to make this right as fast as possible.”

UnitedHealth also said it would continue to provide funding support for users. Large healthcare providers have reported cash flow problems of hundreds of millions of dollars as they were unable to receive payments for claims.

The statement did not include information about the investigation into the attack, which the company has blamed on the AlphV/BlackCat ransomware group.

Company officials have continued to decline to comment on whether the company paid a ransom. Reports have said the cybercrime gang allegedly received a payment of $22 million.

AlphV/BlackCat, meanwhile, has been the subject of intense scrutiny as cybersecurity experts noticed activity earlier this week that suggested leaders were attempting to pull an elaborate scam on the group’s affiliates.

The incident continues to draw attention from Washington. Senators wrote on Friday to leaders at the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to request that the agencies create "enhanced contingency plans for outages within the healthcare ecosystem" and broaden the activities of the public-private Joint Cyber Defense Collaborative (JCDC) "to ensure key healthcare sector entities proactively receive actionable threat information."