Early yesterday, Change Healthcare reported that they were experiencing enterprise-wide connectivity issues. They didn’t call it a cyberattack at that point, but by mid-day, their status reports were indicating that they were experiencing “a network interruption related to a cyber security issue.” A few hours later, they added a statement, “Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.”
Change Healthcare has issued updates every few hours since then. As of this morning, their updates no longer say the disruption is expected to last at least through the day. Now they offer no prediction of how long the disruption will last and merely state, “We will provide updates as more information becomes available.”
According to the Optum Solutions status page:
This incident affects: Change Healthcare Enterprise, Clinical Network (Clinical Document Collector API, Clinical Exchange, Clinical Exchange Channel Partners including ePrescribe and Orders & Results, Clinical Exchange Labs and Hospitals, CommonWell, Connectivity Gateway), Cost Transparency (Predictive Engagement, Provider Directory, True View), Dental Network (Credentialing Advocate Solution, Dental Claim Attachments, Dental Connect, Dental Credentialing Manager, Dental EDI Network, Dental Practice Analytic Insights, Dental Revenue Cycle Insights, SimpleAttach Solution), Eligibility & Enrollment (Dual Enrollment Advocate & Recert Complete, My Advocate, Part D Complete & Community Advocate, SSI Enrollment Advocate), Medical Network (Advanced Claim Management, Batch Claims, Claiming & Remittance, Claims Automation, Eligibility & Patient Access, ERA Transactions, Medical Claim Attachments, Paper-to-EDI, Payer Connectivity Services, Payer Data Services, Payer Finder website and API, Real-time Eligibility Transactions, Revenue Analytics), Medical Network APIs (Claims Responses and Reports API, Claims Status API, Eligibility API, Institutional Claims API, Payer Finder API, Professional Claims API), Medical Record Retrieval & Clinical Review (Clinical Abstraction, Medical Record Retrieval, Risk Adjustment Coding), Member Engagement & Experience (Interoperability API Connector, Member Payments, Smart Connect, Smart Appointment Scheduling, & Clinical Care Visits), Patient Engagement & Experience (Shop Book and Pay, Virtual Front Desk), Pharmacy Benefits & TPA (Medicaid Pharmacy Benefits Services, Smart Commercial Pharmacy Services), Provider Network Optimization (Contract Manager, Provider Manager, Reimbursement Manager), Revenue Cycle Management (AccuPost, Acuity Revenue Cycle Analytics, Ahi Lobby, AhiQA, Ambulatory Claims Manager, Assurance Reimbursement Management, Claims & Denials Advisor, Claims & Denials Management, Clearance Patient Access Suite, Financial Clearance, National Payments Connector, Patient Engagement Suite, Reporting & Metrics, Revenue Integrity, Revenue Performance Advisor), Risk Adjustment & Quality (Compliance Reporter, Dx Gap Advisor, Edge Complete, EMR Risk Advisor, Encounter Complete, Risk View), Value-Based Care (Business Process as a Service (BPaaS), Episode Manager, HealthQx, Prometheus Analytics, Risk Manager, Third-Party Administration, Value-Based Care Transformation Services), Customer Portals (Client Access System, ConnectCenter, Customer Care Hub, Customer Connection, Download Central, Download Connect, Enrollment Central, Vision), Payer Communications and Payment Services (Communications Complete – Payer, Payer Communications and Print, Payer Enrollment Services, Payment Network Advocate, Settlement Advocate), Provider Communications and Payment Services (Communications Complete – Provider, Member Correspondence Advocate, Patient Billing & Statements, Payment Automation, SmartPay for Providers, SmartPay Payment Integration, SmartPay Plus for Providers), Clinical Decision Support (InterQual® Coordinated Care, InterQual® Customize, InterQual® Review Manager – Hosted, InterQual® Government Services), and Pharmacy Solutions (MedRx, Network Solutions, Revenue Cycle Management, Rx Assist, Rx CardFinder Services, Rx Connect Solution, Rx Edit, SelectRx, UPBS Analytics website, UPBS Claims Manager website, UPBS Claims Processing, UPBS Configuration Manager website, Vaccination Record).
No ransomware group has publicly claimed responsibility for this attack yet. DataBreaches has reached out to a few sources and will update this post if any answers are received.
Change Healthcare is part of Optum Solutions, and is a business associate to covered entities, providing payment and revenue services, as well as clinical decision support and other services. Looking at the number of services being disrupted by this attack will give readers some sense of how big and impactful this breach is.
My sister is employed by Change Healthcare and it has been a bit of a mess. She had clients calling her most of Wednesday night asking questions as to what was going on and why they couldn’t fill prescriptions or access any of the systems. Luckily she and the rest of the employees are still getting paid. My sister had seen information released from the FBI saying that China has ramped up cyber attacks against big American companies and then 2 days later Change Healthcare’s systems get breached……Coincidence? I think not!
UHC/Change Healthcare filed an 8-K report with the SEC yesterday about the incident in which they said, “On February 21, 2024, UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems.” If they’re right that it was nation-state associated, could it be China? Sure, but also Russia is ticked off about facing more sanctions over Navalny’s death, and oh yeah, Iran probably isn’t too happy with us, either.
Actually, what you described is exactly the definition of coincidence, until causality has been established. The FBI has been warning for years about increased cyber threats posed by China, Russia, Iran, and, just as important to systems, criminals using ransomware attacks to extort $$$. Just as likely to be criminal activity as nation state. Why? Because the underlying technology is the same to either type of attacker. Not all attacks require a nation to commit.