UnitedHealth blames a ‘nation-state’ for a hack disrupting pharmacy orders

A cyberattack against a division of UnitedHealth Group has left some pharmacies unable to dispense prescriptions. UnitedHealth found a “suspected nation-state associated cyber security threat actor” had access to subsidiary Change Healthcare’s systems Wednesday, prompting the company to disconnect them from other parties, the company said in a filing Thursday with the Securities and Exchange Commission. UnitedHealth, the country’s largest health insurer, said in a statement Thursday that the cyberattack and related “network interruption” affected only Change Healthcare and that all its other systems are operational. When Change Healthcare went public in 2019, the Nashville-based company’s S-1 filing included key details about the business, including that its customers include “the vast majority of U.S. payers and providers” and “approximately 2,200 government and commercial payer connections, 900,000 physicians, 118,000 dentists, 33,000 pharmacies, 5,500 hospitals and 600 laboratories.” A lawsuit three years later by the U.S. Department of Justice opposing the company’s $7.8-billion acquisition by UnitedHealth on the grounds that it would give the insurance giant visibility into and control over rival insurers’ proprietary data, described Change Health as a linchpin of the U.S. healthcare system. “Based upon below statements from Optum, that they became aware of an ‘outside threat’ and disconnected ‘in the interest of protecting our partners and patients,’ we are recommending that all health-care organizations should also consider disconnection from Optum as well, until independently deemed safe to reconnect to Optum.” The two biggest U.S. pharmacy chains said they both were experiencing limited disruptions.