
UnitedHealth confirms that the US healthcare billing outage was caused by an Optum hack.

A cyberattack by “nation-state” hackers on the Change Healthcare platform forced UnitedHealth Group’s subsidiary Optum to shut down IT systems and a number of services, the healthcare giant confirmed.

UnitedHealth Group (UHG) is a health insurance provider with locations in all 50 US states. With 440,000 employees worldwide and a revenue of $3324.2 billion in 2022, the company is the largest healthcare company in the world.

The Change Healthcare platform, the largest payment exchange platform in the US healthcare system between physicians, pharmacies, healthcare providers, and patients, is run by Optum Solutions, its subsidiary.

You can get in touch with us privately on Signal at 646-961-3731 or at [email protected] if you have any information about this incident or any other unreported attacks.

Massive cyberattack on Optum

Customers were first informed by Change Healthcare on Wednesday that some of its services were no longer available; the company later claimed that a cybersecurity incident was to blame.

Optum’s Change Healthcare services were disrupted, according to an 8-K filing that UnitedHealth Group submitted to the SEC yesterday. The cyberattack was allegedly carried out by “nation-state” hackers.

According to the filing, “On February 21, 2024, UnitedHealth Group (the ‘Company’) discovered that a potential actor with nation-state-associated cyber security threats had access to some Change Healthcare information technology systems.”

In order to contain, evaluate, and correct the incident, the Company “proactively isolated the impacted systems from other connecting systems as soon as this external threat was detected.”

The Company “cannot currently estimate the duration or extent of the disruption, but is working diligently to restore those systems and resume normal operations.”

The outage is currently having an effect on 119 Change Healthcare and Optum services and platforms, according to the portal’s regular updates on the status of its services.

For electronic health record (EHR) systems, payment processing, care coordination, and data analytics, Change Healthcare is widely used in US healthcare systems.

Due to the outage, employees at healthcare clinics, medical billing firms, and pharmacies have reported having a variety of issues, such as being unable to send or bill for prescriptions or healthcare services.

The majority of neighborhood and box store pharmacies across the nation are unable to process insurance claims or accept discount prescription cards, which has been a particularly obvious sign of the payment processing disruption in the pharmacy industry.

The American Hospital Association (AHA) issued a warning yesterday urging all healthcare organizations that rely on Optum solutions to immediately disconnect their systems in order to protect the data of their partners and patients.

The American Hospital Association advised all healthcare organizations that were disrupted or could be exposed by this incident to think about disconnecting from Optum until it has been independently determined to be safe to do so.

In order to stop the attack from spreading to their own systems, healthcare providers have started to cut off all connections to Optum, Change Healthcare, and UHG, according to BleepingComputer.

The Weill Cornell and Columbia hospitals are part of the New York Presbyterian healthcare system, which advises partners to stop using UHG services, according to Columbia University.

A warning about the attack from Columbia University
Source: BleepingComputer

Additionally, UnitedHealth Group’s domains have all email connections blocked, according to Columbia University, and it is advised that no employees access them until they have been given a safe password.

“Additionally, we have taken the extraordinary precaution of preventing email from the following domains: optum.com, changehealthcare.com, caremount.com, and uhc…com.” “We have also taken this precaution to reduce the risk that this external cyber security event poses to our computing environment.”

Tricare, the US military’s active-duty healthcare provider, has also been impacted, announcing that the Optum outage has compelled all US military pharmacies worldwide to manually fill prescriptions.

Change Healthcare and Optum’s outages show all the symptoms of a ransomware attack, despite the fact that it is unclear what kind of attack is responsible for them.

It’s likely that patient and business data would have been stolen in this cyberattack if it had been carried out by a ransomware gang.

When a ransom is not paid, the threat actors will use the stolen data as leverage and threaten to leak it.

Official information about the scope of the cyberattack has not yet been made public, and an investigation into the incident is ongoing.


Update 2/23 (1): According to information we’ve received, the incident also has an effect on Availity, Therabill’s clearinghouse, which has halted the processing of claims and remittance advice.

Change Healthcare notified Availity in an email that was distributed by the company, and as a precaution, the latter severed ties with Optum, United Healthcare, etc.

According to reports, Therabill’s security team hasn’t found any data compromises among its members and is keeping a close eye on the situation to protect their data.
