Current News

/

ArcaMax

Hacking at UnitedHealth unit cripples a swath of the US health system: What to know

Darius Tahir, KFF Health News on

Published in News & Features

Early in the morning of Feb. 21, Change Healthcare, a company unknown to most Americans that plays a huge role in the U.S. health system, issued a brief statement saying some of its applications were “currently unavailable.”

By the afternoon, the company described the situation as a “cyber security” problem.

Since then, it has rapidly blossomed into a crisis.

The company, recently purchased by insurance giant UnitedHealth Group, reportedly suffered a cyberattack. The impact is wide and expected to grow. Change Healthcare’s business is maintaining health care’s pipelines — payments, requests for insurers to authorize care, and much more. Those pipes handle a big load: Change says on its website, “Our cloud-based network supports 14 billion clinical, financial, and operational transactions annually.”

Initial media reports have focused on the impact on pharmacies, but techies say that’s understating the issue. The American Hospital Association says many of its members aren’t getting paid and that doctors can’t check whether patients have coverage for care.

But even that’s just a slice of the emergency: CommonWell, an institution that helps health providers share medical records, information critical to care, also relies on Change technology. The system contained records on 208 million individuals as of July 2023. Courtney Baker, CommonWell marketing manager, said the network “has been disabled out of an abundance of caution.”

 

“It’s small ripple pools that will get bigger and bigger over time, if it doesn’t get solved,” Saad Chaudhry, chief digital and information officer at Luminis Health, a hospital system in Maryland, told KFF Health News.

Here’s what to know about the hack:

Who Did It?

Media reports are fingering ALPHV, a notorious ransomware group also known as Blackcat, which has become the target of numerous law enforcement agencies worldwide. While UnitedHealth Group has said it is a “suspected nation-state associated” attack, some outside analysts dispute the linkage. The gang has previously been blamed for hacking casino companies MGM and Caesars, among many other targets.

...continued

swipe to next page

©2024 KFF Health News. Distributed by Tribune Content Agency, LLC.

Comments

blog comments powered by Disqus