PHOENIX — A cyberattack on Change Healthcare’s technology systems has left some patients unable to fill their prescriptions at local pharmacies.
UnitedHealth Group, which acquired Change Healthcare in October 2022, filed a report with the U.S. Securities and Exchange Commission on Wednesday detailing the incident.
“UnitedHealth Group (the “Company”) has identified that a suspected nation-state affiliated cybersecurity threat actor has accessed portions of its Change Healthcare information technology systems. “As soon as we detected this external threat, we proactively isolated the affected systems from other connected systems and contained, assessed, and remediated the incident to protect our partners and patients.” This is stated in the report.
The report further stated that certain networks and transactions will no longer be accessible.
Pharmacies like CVS and Walgreens are reporting delays in receiving prescriptions for customers as a result.
Pendleton Naval Hospital Camp also reported disruptions and said outpatient prescriptions were being processed manually until the issue was resolved.
Where to find updates
Updates on this event can be found on Optum, a UnitedHealth Group medical technology services business website.
“We are working on multiple approaches to restore the affected environment and do not intend to take shortcuts or take additional risks as we bring systems back online,” Optum said in a recent statement. Mentioned in update.
The issue was first mentioned by the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday as CVE-2024-1709.
CISA described the Critical Vulnerability and Exposure (CVE) as “an authentication bypass vulnerability that could allow an attacker with network access to the management interface to create a new administrator-level account on an affected device.” .
It is unclear when business will return to normal.
