UnitedHealth Blamed ‘Nation-State’ Threat in Hack That Disrupted Pharmacy Orders
(Bloomberg) — A cyberattack against a division of UnitedHealth Group Inc. has caused a nationwide outage of a computer network that’s used to transmit data between health-care providers and insurance companies, rendering some pharmacies unable to process prescriptions, according to the company and reports from affected organizations.
Most Read from Bloomberg
UnitedHealth found a “suspected nation-state associated cyber security threat actor” had access to subsidiary Change Healthcare’s systems on Feb. 21, prompting the company to disconnect them from other parties, the company said in a filing Thursday.
UnitedHealth, the country’s largest health insurer, said in a statement Thursday that the cyberattack and related “network interruption” only impacted Change Healthcare and that all its other systems are operational. Change Healthcare is a key intermediary in the $1.5 trillion US health insurance market.
UnitedHealth is working with law enforcement and security experts but can’t say when the service will be restored, according to the filing. The company hasn’t determined that the attack is likely to affect its financial results, it said.
“Change Healthcare is experiencing a cybersecurity issue, and our experts are working to address the matter,” the Minnetonka, Minnesota-based company said earlier in a statement on its website. “Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact.”
The incident is the latest in a series of attacks where hackers have compromised providers of back-end IT software and services — companies that are often little-known outside of their industries yet play critical roles in the normal functioning of everything from financial markets to government services — and triggered cascading disruptions across their customer bases.
Last month, for example, a ransomware attack against Tietoevry Oyj, a Finnish information technology company, crippled payroll and other services for government agencies and hospitals, retailers, cinemas and other customers throughout Sweden. Three days later, a ransomware…
