U.S. healthcare technology giant Change Healthcare has confirmed a cyberattack on its systems. In a brief statement Wednesday, the company said it was “experiencing a network interruption related to a cyber security issue.”
“Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact,” Change Healthcare wrote on its status page. “The disruption is expected to last at least through the day.”
The incident began early on Wednesday morning on the U.S. East Coast, according to the incident tracker.
The specific nature of the cybersecurity incident was not disclosed. Most of the login pages for Change Healthcare were inaccessible or offline when TechCrunch checked at the time of writing.
Michigan local newspaper the Huron Daily Tribune is reporting that local pharmacies are experiencing outages due to the Change Healthcare cyberattack.
Scheurer Health, a healthcare provider in Michigan, said on its Facebook page that it cannot currently process prescriptions through patients’ insurance, citing the “nationwide outage from the largest prescription processor in North America,” referring to Change Healthcare.
Change Healthcare is one of the largest healthcare technology companies in the United States. Change Healthcare handles patient payments across the U.S. healthcare system. The tech giant boasts on its website that it handles 15 billion healthcare transactions annually and that one-in-three U.S. patient records are “touched by our clinical connectivity solutions.”
In 2022, health insurance giant UnitedHealth Group completed its merger of U.S. healthcare services giant Optum and Change Healthcare in a $7.8 billion deal, which allowed Optum broad access to patient records on tens of millions of Americans.
Optum provides technology and data to insurance companies and healthcare services. Both Optum and Change Healthcare are owned by health insurance giant UnitedHealth Group.
When reached by email Thursday, Optum spokesperson Andrew Krejci declined to comment beyond what was published on the incident tracker. Krejci would not say for what evidence Optum has to suspect a cybersecurity incident.
Neither spokespeople for Change Healthcare or UnitedHealth Group have commented.
Late Thursday, UnitedHealth attributed the cyberattack to likely government-backed hackers, without saying which nation state.
Updated with response from Optum, and corrected the start of the cyberattack to early Wednesday.
Read more on TechCrunch:
Postmeds data breach hits millions of patientsTruepill says hackers accessed sensitive data of 2.3 million patientsU.S. pharmacy giant says hackers accessed personal data of 6 million
Do you work at Change Healthcare and know more about the cyberattack? Get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.
UnitedHealth says Change Healthcare hacked by nation-state, as US pharmacy outages drag on