Change Healthcare

Change Healthcare brings some systems back online after cyberattack

Some of Change Healthcare’s systems are functional as of Friday, and others will be online by mid-March as the response continues to cyberattack that has disrupted operations for weeks, according to an update from parent company UnitedHealth Group.

“UnitedHealth Group continues to make substantial progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the Change Healthcare claims and payment infrastructure,” UnitedHealth said in a statement posted Thursday night.

Change Healthcare’s electronic prescribing services for pharmacies are “now fully functional,” said UnitedHealth, which owns the company through its Optum division. Pharmacy claim submission and payment transmission are available, the statement said.

Other aspects of the Change Healthcare system still need more work after a late February cyberattack disrupted it and caused problems nationwide for pharmacies, hospital systems, physician networks and other healthcare organizations. Users have been unable to properly file for and receive insurance payments.

The broader payments platform will be running again on March 15, UnitedHealth said. As for its medical claims technology, officials expect to “begin testing and reestablish connectivity” through the week of March 18.

“We are committed to providing relief for people affected by this malicious attack on the U.S. health system,” UnitedHealth CEO Andrew Witty said in the statement. “All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications. We’re determined to make this right as fast as possible.”

UnitedHealth also said it would continue to provide funding support for users. Large healthcare providers have reported cash flow problems of hundreds of millions of dollars as they were unable to receive payments for claims.

The statement did not include information about the investigation into the attack, which the company has blamed on the AlphV/BlackCat ransomware group.

Company officials have continued to decline to comment on whether the company paid a ransom. Reports have said the cybercrime gang allegedly received a payment of $22 million.

AlphV/BlackCat, meanwhile, has been the subject of intense scrutiny as cybersecurity experts noticed activity earlier this week that suggested leaders were attempting to pull an elaborate scam on the group’s affiliates.

The incident continues to draw attention from Washington. Senators wrote on Friday to leaders at the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to request that the agencies create "enhanced contingency plans for outages within the healthcare ecosystem" and broaden the activities of the public-private Joint Cyber Defense Collaborative (JCDC) "to ensure key healthcare sector entities proactively receive actionable threat information."

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Joe Warminsky

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.