Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

3 min read

Going deeper: The Change Healthcare attack

Going deeper: The Change Healthcare attack

The recent cyberattack on Change Healthcare, a pivotal player in the healthcare industry, sent shockwaves through the sector, disrupting services and prompting a response from government agencies and industry leaders. The cyber attack revealed the involvement of major healthcare industry players Change Healthcare, UnitedHealth Group, and Optum, leading to complex implications. But what organization was attacked, who owns who, and who was affected?


What happened? 

Healthcare organizations across the U.S. were thrown into disarray as Change Healthcare fell victim to an unprecedented cyberattack on February 21, 2024. The attack resulted in the shutdown of over 100 applications that were key to healthcare operations, including those related to pharmacy, medical records, clinical, dental, patient engagement, and payment services.

Initially suspected to be the work of a "nation-state associated cyber security threat actor," further investigations revealed the ransomware group BlackCat as the perpetrator of the attack. Known for its sophisticated ransomware-as-a-service model, BlackCat's highly advanced and elusive techniques posed significant challenges to traditional detection methods, exacerbating the impact of the attack.

The repercussions were swift and far-reaching, causing delays in claims processing and disruptions to revenue management services. This prompted Change Healthcare to provide real-time updates via UnitedHealth Group's website, as healthcare providers and pharmacies grappled with the aftermath of the attack.

In response, UnitedHealth Group mobilized substantial resources to mitigate the impact on consumers and care providers, prioritizing access to care and medications. Immediate actions included the restoration of required system functionalities, with a focus on electronic prescribing, claim submission, and payment transmission for pharmacy services. Additionally, funding support programs were initiated to bridge the short-term cash flow needs of affected providers, further demonstrating the commitment to alleviating the financial strain caused by the cyberattack.

As the healthcare industry continues to traverse the aftermath of this unprecedented event, the collaborative efforts of industry leaders and government agencies remain a focal point in addressing the multifaceted challenges posed by the cyberattack.


Who is involved and how?

The cyberattack against Change Healthcare has significantly affected the healthcare industry and the entities involved. Here's an analysis of the involvement of each entity:

  • Change Healthcare: The cyberattack led to a shutdown of Change Healthcare's systems, impacting payment and billing, prescription processing, and data analytics services. The attack disrupted main operations, forcing healthcare providers and pharmacies to deploy workarounds to continue providing services. Change Healthcare has been working to restore its systems and services.
  • UnitedHealth Group: As the parent company of Change Healthcare, UnitedHealth Group has been actively involved in mitigating the impact of the cyberattack. The company has been focused on ensuring access to care and medications by addressing challenges to pharmacy, medical claims, and payment systems targeted by the attack. UnitedHealth Group has been working to restore Change Healthcare's systems and services.
  • OptumOptum, the division of UnitedHealth Group that acquired Change Healthcare in 2022, has been involved in the restoration of systems and services. Optum Rx, the pharmacy care services business of Optum, has been taking steps to ensure that patients can access their medications and reimbursing pharmacy claims to support patients during the disruption caused by the cyberattack.

The cyberattack has prompted responses from industry bodies and government agencies, with the Medical Group Management Association (MGMA) and the US federal government including the Department of Health and Human Services, the Federal Bureau of Investigations, the Cybersecurity and Infrastructure Security Agency, and the White House providing support and assistance to mitigate the impact on healthcare providers and patients.

The implications of the cyberattack have exposed the vulnerabilities and potential consequences of cyber threats in the healthcare sector, requiring preparedness and proactive measures to safeguard critical systems and data.

More in the news: 


Who was hacked, who owns who, and who was affected?

Who was hacked? 

Change Healthcare, a unit of UnitedHealth Group (UHG), was impacted by a cyberattack in late February. The attack was carried out by a ransomware group known as ALPHV or BlackCat. The attack led to significant disruptions in Change Healthcare's operations, impacting various aspects of the healthcare industry and millions of Americans who rely on services provided by the affected organizations.


Who owns who? 

Change Healthcare was acquired by insurer UnitedHealth Group’s Optum division in 2022. As a unit of UnitedHealth Group, Change Healthcare provides essential technology and services to the healthcare sector, including payment and billing, prescription processing, and data analytics.


Who was affected? 

The cyberattack on Change Healthcare had far-reaching impacts, affecting millions of Americans who use Change Healthcare's platform either directly or indirectly. The following parties were significantly impacted by the cyberattack:

  • Physicians and hospitals, impacting their ability to bill, manage, and issue prescriptions and healthcare procedures.
  • Pharmacies were unable to get information and properly fill prescriptions.
  • Individuals looking to make health claims and fill prescriptions were also affected by the breach.
  • Numerous healthcare organizations, health systems, health plans, and vendors were impacted, leading to disruptions in revenue management services, prescription fulfillment, and delayed payment processing.


Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.