Pharmacy Delays Across US Blamed on Nation-State Hackers

Healthcare tech provider Change Healthcare says a suspected nation-state threat actor breached its systems, causing pharmacy transaction delays nationwide.

Pills falling out of bottle
Source: kravaivan11 via Pixabay

Change Healthcare, a technology services provider for pharmacies, experienced a cyberattack from a suspected nation-state threat actor that has created widespread delays for patients who need prescription refills across the US.

Change Healthcare is a part of Optum Solutions, which in turn is part of the healthcare conglomerate UnitedHealth Group. Optum said all indications suggest the cyber incident is limited to Change Healthcare only and has not spread to other UnitedHealth entities. The outage, which began on Feb. 20, is likely to last until Friday, Feb. 23, the company predicts.

On Feb. 22, United HealthCare filed its required 8-K disclosure of a material cyber incident that said Change Healthcare had its systems breached by a suspected nation-state actor that was able to gain temporary access to the healthcare tech vendor's systems until they were taken offline.

According to the HIPAA Journal, Change Healthcare is responsible for 15 billion healthcare transactions annually, and about a third of US patients use its connectivity solutions.

Change Healthcare systems being pulled offline has caused delays at pharmacies all over the country, prompting one Michigan retailer to ask customers to wait an extra day to refill meds, if possible, according to reports.

But the fallout might not be limited to pharmacies and could have exposed patient data as well, according to Nick Tausek, lead security automation architect at Swimlane.

"Change manages patient payments across the healthcare sector, with access to medical records and sensitive patient information," Tausek explained in a statement. "Pharmacies across the country are already reporting delays in filling prescriptions and providing services as a result of this attack, marking the real-world dangers to human health cyberattacks can cause."

Healthcare Sector Vulnerable to Cyberattacks

The healthcare sector is particularly vulnerable to attacks and breaches, due to its reliance on third-party data management processors like Change Healthcare, Tausek added. The recent acquisition of Change Healthcare might have also made its systems a target for threat actors.

"Change Healthcare was acquired by UnitedHealth Group in 2022," Tausek explained. "The period during and following mergers and acquisitions can be a prime window for attacks, with advanced attackers taking advantage of internal upheaval caused by efforts to integrate systems, streamline operations, and increase efficiency."

The healthcare industry at large needs to work proactively to shore up its overall cybersecurity posture, said Javvad Malik, lead security awareness advocate at KnowBe4, in a statement.

"This incident serves as a stark reminder of the ever-present threats facing the healthcare sector," Malik added. "The healthcare industry continues to be a prime target for cybercriminals, so it's crucial that healthcare providers not only react effectively to threats but also proactively work to fortify their systems against future attacks."

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights