UnitedHealth Faces Outage as Optum Hack Forced Shutdown of Healthcare Billing Systems

Written by Gabby Lee

February 25, 2024

UnitedHealth Faces Outage as Optum Hack Forced Shutdown of Healthcare Billing Systems

UnitedHealth Group, a prominent healthcare company, has confirmed the Optum Hack as its subsidiary, Optum Solutions, experienced a cyberattack on the Change Healthcare platform.

The Optum hack, conducted by hackers affiliated with a nation-state, has led to the shutdown of IT systems and various services. UnitedHealth Group, with a strong presence across all 50 US states, is recognized as the world’s largest healthcare company in terms of revenue.  

Optum Hack Was a Result of a Massive Cyberattack

Change Healthcare initially informed its customers on Wednesday about the unavailability of certain services. Subsequently, the company revealed that the cause of this disruption was a cybersecurity incident.

UnitedHealth Group, in a recent 8-K filing with the SEC, confirmed that the incident was indeed a result of a cyberattack conducted by suspected “nation-state” hackers targeting Optum’s Change Healthcare services.

“On February 21, 2024, UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems,”

“Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident.”

“The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time.”

Reads the filing.

Optum is actively providing regular updates on the status of its services through a dedicated portal. As of now, the outage is affecting 119 services and platforms provided by Change Healthcare and Optum.

Optum Hack Has Affected Numerous Healthcare Clinics and Pharmacies

Numerous healthcare clinics, medical billing companies, and pharmacies have encountered widespread issues due to the outage. Reports indicate difficulties in billing and submitting claims for prescriptions or healthcare services. This disruption has had a broad impact on various stakeholders within the healthcare industry.

The impact on payment processing in pharmacies has been highly significant. The majority of local and chain pharmacies throughout the country are currently unable to process insurance claims or accept discount prescription cards. This disruption has created challenges for both patients and healthcare providers relying on these services.

In light of the situation, the American Hospital Association (AHA) has responded by issuing a warning. The AHA recommends that healthcare organizations utilizing Optum solutions take immediate action to disconnect their systems. This precautionary measure aims to safeguard the data of partners and patients who may be at risk due to the ongoing cyberattack incident.

“We recommend that all health care organizations that were disrupted or are potentially exposed by this incident consider disconnection from Optum until it is independently deemed safe to reconnect to Optum,”

American Hospital Association.

Healthcare providers have taken proactive measures to protect their own systems from the potential spread of the cyberattack. They have started disconnecting all connections to Optum, Change Healthcare, and UnitedHealth Group (UHG).

UnitedHealth Faces Outage as Optum Hack Forced Shutdown of Healthcare Billing Systems

Columbia University Warning about the Optum Hack

Source: BleepingComputer

Columbia University has announced that the New York Presbyterian healthcare system, which includes prestigious hospitals like Weill Cornell and Columbia, is advising its partners to disconnect from UHG services.

Additionally, Columbia University has blocked all email connections with UnitedHealth Group’s domains as a precautionary measure. They are advising their employees to refrain from visiting those domains until it is deemed safe to do so. These actions are being taken to mitigate any potential risks associated with the ongoing cyberattack.

“Additionally, to minimize the risk this external cyber security event presents to our computing environment, we have taken the extraordinary precaution of blocking email from the following domains: Optum.com, Changehealthcare.com, Caremount.com, Unitedhealthgroup.com, Uhc.com, and Uhg.com.”

The impact of the Optum outage extends to Tricare, the healthcare provider for active-duty personnel in the US military. Tricare has announced that as a result of the Optum outage, all US military pharmacies worldwide are now manually filling prescriptions.

While the exact nature of the attack that caused the outages is not clear, there are indications that it may be a ransomware attack. Although the organizations involved have attributed it to a “nation-state” actor, the characteristics of the incident align with typical ransomware attacks.

If this is indeed a ransomware attack, it is likely that patient and corporate data may have been stolen. Such stolen data could be used as leverage, with the threat actors threatening to release it unless a ransom is paid.

The investigation into the incident is currently ongoing, and official details regarding the full extent of the cyberattack have yet to be disclosed.

Optum Outage Has Also Affected Availity

In addition to the aforementioned impacts, the incident has also affected Availity, the clearinghouse for Therabill. As a result, claims processing and remittance advice have been temporarily paused.

According to an email circulated by Availity, they were notified by Change Healthcare about the situation. As a precautionary measure, Availity promptly disconnected their connections with Change Healthcare, Optum, and UnitedHealthcare.

Therabill’s security team has been vigilant and, as of now, has not detected any compromise of their members’ data. They are actively monitoring the situation to ensure the ongoing protection of data.

Related Articles

Daixin Ransomware Claims Omni Hotels Cyberattack

Daixin Ransomware Claims Omni Hotels Cyberattack

The Daixin Team ransomware gang has taken responsibility for a recent cyberattack on Omni Hotels & Resorts and is currently issuing threats to publish sensitive customer information unless a ransom is paid. This development comes after the hotel chain experienced...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!