UnitedHealth confirms Optum hack behind US healthcare billing outage

By Bill Toulas, Bleeping Computer

Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by “nation-state” hackers on the Change Healthcare platform.

United Health Group (UHG) is a health insurance company with a presence across all 50 US states. The organization is the world's largest healthcare company by revenue ($324.2 billion in 2022), employing 440,000 people worldwide.

Its subsidiary, Optum Solutions, operates the Change Healthcare platform, which is the largest payment exchange platform between doctors, pharmacies, healthcare providers, and patients in the US healthcare system.

Optum suffers massive cyberattack

Change Healthcare first started warning customers Wednesday that some of its services had become unavailable, later stating a cybersecurity incident caused it.

An 8-K filing submitted by UnitedHealth Group with the SEC yesterday confirmed that a cyberattack by suspected "nation-state" hackers was behind the disruption to Optum's Change Healthcare services.

"On February 21, 2024, UnitedHealth Group (the "Company") identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems," reads the filing.

"Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident."

"The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time."

Optum is providing regular updates on the status of its services on this portal, which says that the outage is currently impacting 119 Change Healthcare and Optum services and platforms. 

Change Healthcare has a wide presence in the US healthcare systems, used by hospitals, clinics, and pharmacies nationwide for electronic health record (EHR) systems, payment processing, care coordination, and data analytics.

Employees at healthcare clinics, medical billing companies, and pharmacies have reported widescale problems due to the outage, including being unable to bill or send claims for prescriptions or healthcare services.

The payment processing disruption in pharmacies has been particularly noticeable, with the majority of local and box store pharmacies across the country unable to process any insurance claims or accept discount prescription cards.

In response to the situation, the American Hospital Association (AHA) issued a warning yesterday recommending that all healthcare organizations that rely on Optum solutions disconnect their systems immediately to protect their partners' and patients' data.

"We recommend that all health care organizations that were disrupted or are potentially exposed by this incident consider disconnection from Optum until it is independently deemed safe to reconnect to Optum," warned the American Hospital Association.

Healthcare providers have begun to disconnect from Optum, Change Healthcare, and UHG to prevent the potential spread of the attack to their own systems.

Columbia University announced that the New York Presbyterian healthcare system, which includes the Weill Cornell and Columbia hospitals, advises partners to disconnect from UGH services.



Comments

Post a Comment

Popular posts from this blog

Why remote desktop tools are facing an onslaught of cyber threats

Image
By Solomon Klappholz, IT Pro Hackers are increasingly targeting remote desktop tools in their attacks, new research reveals, prompting warnings for enterprises globally In the era of hybrid work, remote desktop tools have become vital business enablers, but due to their pervasiveness on corporate networks they have become a popular entry point for cyber criminals. If successfully exploited, remote access tools can provide hackers with a direct pathway into a system or network, and once access is gained attackers can move laterally within the network, escalating privileges and maintaining persistence. In an investigation into which remote desktop tools are targeted the most, Jonathan Tanner, senior security researcher at Barracuda Networks, explained that remote desktop software poses a particular challenge to IT teams to secure. “Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and
Read more

Ransomware gang starts leaking alleged stolen Change Healthcare data

Image
By Lawrence Abrams,  Bleeping Computer The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. In February, Change Healthcare suffered a cyberattack that caused massive disruption to the US healthcare system , preventing pharmacies and doctors from billing or sending claims to insurance companies. The attack was ultimately linked to the BlackCat / ALPHV ransomware operation, who later said they stole 6 TB of data during the attack . After facing increased pressure from law enforcement, the BlackCat gang shut down their operation . This occurred amid claims they were pulling an exit scam by stealing a $22 million Change Healthcare ransom payment from the affiliate who conducted the attack. While Change Healthcare has declined to comment on whether it has paid a ransom, the affiliate known as "Notchy" said they
Read more

Notepad++ wants your help in "parasite website" shutdown

Image
By Ax Sharma,  Bleeping Computer The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. Although, at the time of writing, the lookalike website takes visitors to the official Notepad++ downloads page, there is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack. The lookalike website appears prominently in search results
Read more