November 8, 2024
UnitedHealth subsidiary Change Healthcare down for a fourth day following cyberattack
Change Healthcare's systems are down for the fourth day in a row after parent company UnitedHealth disclosed a suspected cyberattack.

UnitedHealth Group Inc. headquarters stands in Minnetonka, Minnesota, U.S.

Mike Bradley | Bloomberg | Getty Images

Change Healthcare’s systems are down for a fourth straight day after parent company UnitedHealth Group disclosed that a suspected cybersecurity threat actor gained access to part of its information technology network on Wednesday. 

UnitedHealth, the biggest health-care company in the U.S. by market cap, owns the health-care provider Optum, which merged with Change Healthcare in 2022. Optum services more than 100 million patients in the U.S., according to its website, and Change Healthcare offers solutions for payment and revenue cycle management. 

UnitedHealth said it identified a “suspected nation-state-associated” actor behind the attack, according to a filing with the U.S. Securities and Exchange Commission on Thursday. The company isolated and disconnected the impacted systems “immediately upon detection” of the threat, the filing said. UnitedHealth did not share any more details about the nature of the attack in the filing.

In an update at around 2 p.m. ET Saturday, Change Healthcare said the disruption is expected to continue “at least” through the day. The company said Friday that it has a high level of confidence that Optum, UnitedHealthcare and UnitedHealth systems have not been impacted. 

“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online,” Change Healthcare said Saturday. 

UnitedHealth did not share any additional information with CNBC beyond the update. 

While UnitedHealth did not specify exactly which Change Healthcare systems were impacted by the attack in its regulatory filing, companies like CVS Health said the interruption is impacting some of its business operations. 

CVS Health is continuing to fill prescriptions, but it is not able to process insurance claims in certain cases, the company told CNBC in a statement on Saturday. CVS Health said there is “no indication” that its own systems have been compromised.

“We’re committed to ensuring access to care as we navigate through this interruption,” CVS Health said in the statement. 

The American Hospital Association released a statement Thursday urging health-care organizations to disconnect from Optum until it is deemed safe to reconnect. The AHA said it has been talking with the Department of Health and Human Services, the FBI and the Cybersecurity and Infrastructure Security Agency about the attack, according to the statement.

The AHA declined to comment on the Change Healthcare cyberattack. The FBI, HHS and CISA did not return CNBC’s requests for comment.