UnitedHealth Group’s Subsidiary Change Healthcare Compromised in Suspected Nation-State Cyberattack

UnitedHealth Group (UHG), a major U.S. health insurance company, disclosed on Thursday that its subsidiary Change Healthcare fell victim to a cybersecurity incident likely orchestrated by government-backed hackers.

The healthcare giant filed the information with government regulators, attributing the ongoing cybersecurity breach affecting Change Healthcare to suspected nation-state hackers. The incident has led to a significant outage in Change Healthcare’s systems, with no specified timeframe for when normal operations will resume.

Change Healthcare, specializing in patient billing services across the U.S. healthcare system, processes billions of healthcare transactions annually and manages around one-third of U.S. patient records, impacting approximately a hundred million Americans.

The cyberattack, which commenced early Wednesday according to the company’s incident tracker, has yet to have its specific nature disclosed by Change Healthcare. The outage has had a tangible impact on pharmacies throughout the U.S., preventing them from processing insurance-related prescriptions, given Change Healthcare’s integral role in the billing process.

While UHG did not attribute the cyberattack to a specific nation or government in its filing, it emphasized its engagement with leading security experts, collaboration with law enforcement, and notifications to affected customers, clients, and relevant government agencies. The incident underscores the increasing threats faced by critical infrastructure providers in the healthcare sector, prompting concerns about the potential impact on patient care and data security.