US Pharmacies Face Delays from Cyberattack Fallout

What Happened

In February 2024, Change Healthcare experienced a cyberattack, suspected to be from a nation-state threat actor. This caused major disruptions in pharmacies.

UnitedHealth Group, which is the parent company, disconnected the affected systems to stop the attack from spreading. The outage, which began on Feb. 20, is likely to last until Friday, Feb. 23, the company predicts.

The cyberattack had a significant impact on pharmacies, especially in Michigan, as it prevented them from processing prescriptions through patients’ insurance.

This incident underscores the escalating concern over cyberattacks in the US healthcare sector.

Impact

The cyberattack significantly impacted US pharmacies, especially in Michigan. Change Healthcare processes 15 billion healthcare transactions annually. It manages records for one-in-three US patients. Pharmacies nationwide faced delays. Some retailers asked customers to wait an extra day for refills.

The company predicts outages will last until Feb. 23. Additional impact may come to light as the investigations progress.

About Change Healthcare

Change Healthcare is a key player in US healthcare. They provide essential clinical connectivity solutions. Each year, they process 15 billion healthcare transactions. Notably, they handle records for one-third of US patients.

In 2022, UnitedHealth Group acquired Change Healthcare. This led to its integration into Optum Solutions. The merger greatly expanded Change Healthcare‘s role. It now works closely with Optum’s services, which provides technology and data services to insurers and healthcare providers. Change Healthcare enhances Optum’s transaction processing capabilities. Together, they enhance the delivery of healthcare services.

Response

After detecting the cyberattack, Change Healthcare and UnitedHealth Group acted swiftly. The first step was to disconnect the affected systems. This action aimed to contain the breach and prevent further damage.

Then, they announced the cyberattack on their status page, and committed to providing ongoing updates about the incident.

On February 22, UnitedHealth Group filed an 8-K disclosure with the SEC. This filing detailed the breach’s nature, stating a suspected nation-state actor gained temporary access to Change Healthcare‘s systems.

The company emphasized the incident appeared confined to Change Healthcare, without affecting other UnitedHealth entities.

They also reassured stakeholders about their immediate and coordinated response to secure their systems.

Cyberattacks Targeting Healthcare

This cyberattack causing disruptions across U.S. pharmacies is not the only cyberattack on the healthcare sector recently. Also, Integris Health recently unveiled a significant data breach. Additionally, another cyberattack disrupted operations at a Children’s Hospital in the U.S. Moreover, a ransomware attack recently affected over 20 Romanian hospitals.

The healthcare industry remains a major target for cybercriminals. Therefore, it’s vital for healthcare providers to respond effectively to threats and proactively strengthen their systems to prevent future attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) hosts a resource page about the ransomware threat to the Healthcare and Public Health Sector. This page underscores the importance of cybersecurity in healthcare, highlighting the dangers posed by cyber threats, particularly ransomware. These dangers include disruptions to critical life-saving functions and exposure of sensitive patient information. Advocating for a united response from public and private stakeholders, the page stresses that cybersecurity isn’t solely an IT issue but a widespread responsibility for patient safety. Additionally, it underscores the continuity of care delivery as a crucial factor. Please visit the page for more details and access to further resources.

Also, In July 2023, the European Union Agency for Cybersecurity (ENISA) published a report for the health sector in Europe. This threat landscape report aims to provide new insights into the reality of the health sector based on cyber incidents. You can access the report here.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.

-
00:00
00:00
Update Required Flash plugin
-
00:00
00:00