Change Healthcare, a division of UnitedHealthcare’s Optum, was the target of a cyberattack resulting in significant disruptions to prescription orders at thousands of pharmacies nationwide. The impact in the U.S. has been profound, as parent company Optum provides services to more than 60,000 pharmacies and care for more than 100 million consumers.
While it works to recover, the company has isolated services related to billing, claims management, payment, and data exchanges, forcing some healthcare organizations and systems to revert to manual procedures. Full restoration of services remains pending. The American Hospital Association recommended that companies using Optum services temporarily disconnect from them.
Change Healthcare processes approximately 15 billion transactions annually, impacting a significant portion of U.S. patient records, including prescriptions, dental, clinical, and other medical needs. The disruption has led to difficulties in verifying patients’ insurance coverage for prescriptions, forcing some individuals to pay in cash. While larger pharmacy chains like Walgreens have reported limited effects, smaller pharmacies heavily reliant on Change Healthcare for insurance verification and billing services are facing significant challenges.
The attack highlights the vulnerability of healthcare data, especially patients’ private medical records, in the face of cyber threats. Federal officials are closely monitoring the situation, emphasizing the need to strengthen cybersecurity resilience across the healthcare ecosystem.
EMPLOYER CONSIDERATIONS
Given the ongoing disruptions and potential risks to data security, affected employers should:
- Remain vigilant and communicate any updates or developments to enrollees.
- Encourage employees to exercise caution regarding any unusual communications or activities related to prescription orders or insurance verification.
Stay informed about further updates from - Change Healthcare and UnitedHealth Group regarding the restoration of services and any measures to enhance cybersecurity.