Change Healthcare [1] [2] [3] [4] [5] [6] [7] [8] [9], a prominent healthcare technology company in the US [5] [6], experienced a nationwide cyber incident suspected to be sponsored by a foreign nation-state.


Change Healthcare [1] [2] [3] [4] [5] [6] [7] [8] [9], a major healthcare technology company in the US and a part of Optum and UnitedHealth Group, experienced a nationwide cyber incident on Feb 21, suspected to be sponsored by a foreign nation-state [3]. The cyberattack has impacted tens of thousands of pharmacies nationwide [3], including Michigan-based Scheurer Health and Walgreens, leading to delays and disruptions in processing prescriptions [3]. While UnitedHealth Group’s systems remained operational [9], pharmacies like the Naval Hospital in Camp Pendleton and Evans Army Community Hospital in Colorado are unable to process prescription claims [3]. GoodRX [3], a prescription discount provider [3], has also been affected by the cyberattack [3]. Change Healthcare has disconnected its systems to protect partners and patients, isolating the attack and working to restore its systems. The disruption is specific to Change Healthcare’s network and has caused difficulties in transmitting data between health-care providers and insurance companies, affecting various applications such as pharmacy [8], medical records [8], dental [2] [8], payment services [6] [8], and patient engagement [8]. The outage is expected to last throughout the day [3], with updates to be provided as more information becomes available [3]. Organizations like BlueCross BlueShield of Montana have advised disconnecting from Change Healthcare [7], while the American Hospital Association recommended disconnecting from Optum [7], a part of UnitedHealth [7] [9], due to potential disruptive effects on revenue cycle and health-care technologies [7]. CVS and Walgreens Boots Alliance reported limited disruptions in processing insurance claims for prescriptions but are working to ensure continued access for patients [7]. Patients have expressed concerns about accessing medication during this time [8], and relevant authorities are working to address the cybersecurity issue. Cyberattacks in healthcare have increased [1], exposing patient data and delaying care [1]. Regulators have issued guidance on safeguards [1], as the industry faces high-profile attacks [1]. UnitedHealth acquired Change Healthcare in 2022 [9], despite concerns about data mining from healthcare claims [1]. The incident [1] [2] [5] [7] [8] [9], which began on Wednesday [2], has led to connectivity issues and frustrations for patients trying to refill prescriptions [2]. Reports of the outage have spread nationwide [2], with some providers unable to process prescriptions due to the largest prescription processor in North America being affected [2]. Change Healthcare’s technology processes billions of patient payments annually and is linked to a significant portion of US patient records [2]. UnitedHealth Group’s merger deal with Optum and Change was valued at nearly $8 billion [2].


The cyber incident at Change Healthcare has had significant impacts on pharmacies, healthcare providers [7], and patients nationwide. Efforts are being made to mitigate the disruptions and address cybersecurity concerns in the healthcare industry. The incident highlights the importance of cybersecurity measures and the potential risks associated with data breaches in the healthcare sector.