The recent Optum cyberattack has caused a ripple effect in the healthcare sector, exposing weaknesses and leading to considerable financial and legal consequences. Look into the blog about what happened and its implications on Change Healthcare.
What Is Change Healthcare?
Change Healthcare, a subsidiary of UnitedHealth Group and a separate department of health under Optum focused on managing healthcare sector services including payment processing, advance payments, claim payments, and overseeing the creation of cash flow statements with an estimated 15 billion transactions managed each year.
According to The Washington Post, the Justice Department referenced in a 2022 lawsuit UnitedHealth Group’s statement that 50% of the US healthcare system, medical claims are processed through Change Healthcare’s “electronic data interchange clearinghouse.”
What Happened at the Optum, UnitedHealth Group?
The UnitedHealth Group, CEO Andrew Witty stated that on Feb. 21, 2024, they found that a threat actor had infiltrated one of their Change Healthcare environments. Upon realizing the external danger, we quickly disconnected Change Healthcare’s systems to safeguard our patient’s health and human services from the healthcare cyberattack.
No definite timeline was given for the recovery of services following the cyberattack. However, UnitedHealth Group announced on March 7 that electronic prescribing for pharmacy services and physician practices was operating smoothly, with claim submission and payment transmission already in place.
The company announced that its electronic payment platform will be back up and running starting March 15. They anticipate beginning testing and setting up the assistance program, examining the revenue cycle, and ensuring network connectivity by March 18, with full service being restored by the end of the week.
5 Key Things You Need To Know About The Optum Cyberattack
1. IT and Computer Systems Stopped Working
The first thing that was noticeable following the Optum cyberattack was that the computer systems stopped working. In a regulatory report on Wednesday, UnitedHealth Group revealed the cyber breach on Change Healthcare, a pharmacy service under its Optum division.
The individual responsible for the attack successfully entered certain Change Healthcare IT systems, as disclosed in UnitedHealth’s filing with the U.S. Securities and Exchange Commission. To safeguard the protected health information about our partners and patients, Change Healthcare quickly disconnected its systems to prevent the additional impact of the Optum cyberattack.
The American Hospital Association mentioned that Optum cyberattack has a widespread presence in the Centers for Medicare, and offers many essential services. The assistance program stated that the interruption could have major disruptive impacts on temporary funding, insurance verification, payments, healthcare technologies, financial hardships, and clinical authorizations.
2. Timeline for Restoration from the Cyberattack
In its latest statement, Change Healthcare mentioned that the effects of the Optum cyberattack are projected to continue at least for the rest of the day. Change Healthcare also stated that they are utilizing various methods to repair the affected environment, revive the health and human services, and are committed to not cutting any corners of temporary funding while introducing further risks as they reactivate their systems. We will remain vigilant and assertive with our systems, and if we notice any problems, we will promptly act and disconnect.
3. SEC Filing in Response to the Cyberattack
UnitedHealth reported in its SEC filing that it has discovered a suspected nation-state as the threat actor responsible for the Optum cyberattack. The attack was not attributed by the company to a specific government of any country. Change Healthcare also stated in its SEC filing that they have hired top security experts, is collaborating with law enforcement, and has informed customers, clients, and specific government agencies falling under the healthcare industry.
Currently, the Company thinks that only financial hardships are faced in the Change Healthcare industry but it has also affected network interruption, with all other systems within the Company functioning as normal.
4. Health and Human Services Gets Interrupted
Consumers have suffered due to the recent Optum cyberattack, causing difficulties in health and human services like filling prescriptions and utilizing drug-coupon cards. In addition to the above, the consumers of the healthcare sector are also uncertain regarding health insurers’ ability to approve requests for drugs and verify patients’ insurance coverage. Stolen advance payments and the claim payments data from the Optum cyberattack could jeopardize protected health information of the patient’s personal, financial, and health information.
5. Medical & Pharmacy Disruptions in the Cyberattack
Media reports have stated that the Optum cyberattack effects on insurance processing have caused challenges for health and human services, each trying to obtain prescriptions through their insurance. According to a report from the Wall Street Journal, neighborhood drugstores are experiencing delays and difficulties in processing insurance claims for prescriptions. CNN stated that patients are turning to claim payments with their own money to obtain essential medications from the assistance program.
Regarding this, UnitedHealth mentioned in the SEC filing that some networks and transactional services might not be available due to the cyberattack. The cyberattack further impacted The Naval Hospital at Camp Pendleton in California, military clinics and hospitals globally, as well as some retail pharmacies within the health care system.
Final Note: Prioritizing Cybersecurity
To sum up, the most recent Optum cyberattack problems revealed weaknesses in the healthcare industry, resulting in financial, legal, and operational difficulties. Stakeholders need to make cybersecurity a top priority to safeguard patient data and healthcare services.
Want to stay ahead and well-informed? Subscribe to DistilINFO HealthPlan and receive the most recent updates in health news, medical advancements, and emerging health trends, all while maintaining a keen eye on cybersecurity and other vital facets of the healthcare industry.
FAQs
- What changes has Change Healthcare noticed in 2024?
Ans. In 2024, Change Healthcare observed major alterations post the cybersecurity breach. These adjustments involved increased recognition of cybersecurity weaknesses in the healthcare industry, closer examination of measures to protect data, and the enforcement of more rigorous security procedures to avoid further breaches.
- What steps can the healthcare industry take to prepare themselves for cyberattacks similar to those experienced by Optum?
Ans. The healthcare industry can improve readiness by conducting frequent audits, providing training for employees, utilizing advanced encryption, employing intrusion detection systems, and developing incident response plans. Working together with professionals in cybersecurity and exchanging information on threats can strengthen defenses.
