Change Healthcare Restores Pharmacy Network after Cyberattack Fiasco

The company reported that "99% of pre-incident claim volume is flowing," and key pharmacy and payment systems are operational.

Following weeks of disruption caused by a cyberattack targeting Change Healthcare's systems, UnitedHealth Group has now reported that the Healthcare’s Pharmacy network is back online.

The company reported that "99% of pre-incident claim volume is flowing," and key pharmacy and payment systems are operational. 

Despite this progress, challenges persist, with a subset of pharmacies still offline, disruptions affecting infusion pharmacies, and issues impacting some Medicaid fee-for-service customers.

Sharing insights, a spokesperson for UnitedHealth Group said, "While these actions represent positive momentum, our teams are still working to address a subset of pharmacies that are still offline, disruption for infusion pharmacies, and challenges for some Medicaid fee-for-service customers."

Additionally, UnitedHealth Group's collaborative investigation with Mandiant and Palo Alto Networks identified the intrusion's source and established a secure restore point. 

However, the investigation remains ongoing as the company ensures the safe restoration of data and systems.

Federal Investigations & Industry Pressures Intensify

In response to the cyberattack, the Office for Civil Rights (OCR) initiated an investigation into Change Healthcare, a unit of UnitedHealth Group. 

OCR Director Melanie Fontes Rainer emphasized the need to determine if protected health information was breached and to assess compliance with HIPAA Rules.

Simultaneously, federal officials, including Secretary Xavier Becerra and Neera Tanden, convened a meeting pressing UnitedHealth Group and other insurers to support financially strained healthcare providers impacted by the cyberattack. 

The urgency of addressing payment delays and disruptions in healthcare services was underscored during the meeting.

Legal Ramifications Emerge Amid Ongoing Recovery Efforts

Moreover, legal actions have also been initiated in response to the cyberattack, with patients filing lawsuits against Change Healthcare for alleged failures in safeguarding their data. 

Law firms are exploring potential class actions to seek redress for patients affected by disruptions in healthcare services.

In response, UnitedHealth Group outlined a timeline for restoring Change Healthcare's systems, aiming for full restoration by mid-March. The company introduced funding assistance programs for affected providers and implemented temporary measures to mitigate the impact on patient care.

Additionally, in response to the cyberattack, Optum confirmed the involvement of the cybercrime group BlackCat or ALPHV and deployed multiple workarounds to ensure continued access to medications and services.

A joint advisory by the FBI, HHS, and CISA highlighted warning signs of ransomware attacks targeting the healthcare sector. The agencies stressed the importance of vigilance and proactive measures to mitigate cyber threats.

As investigations continue and recovery efforts intensify, UnitedHealth Group remains committed to addressing the challenges posed by the cyberattack and safeguarding the integrity of healthcare systems and patient data.

The cyberattack on Change Healthcare underscores the vulnerability of healthcare infrastructure to cyber threats and the critical importance of robust cybersecurity measures.