UnitedHealth Group Inc. is headquartered in Minnetonka, Minnesota, USA
Mike Bradley | Bloomberg | Getty Images
Change Healthcare's systems have been down for the fourth day in a row since parent company UnitedHealth Group disclosed Wednesday that a suspected cybersecurity threat actor had accessed parts of the company's information technology network. .
UnitedHealth, the largest healthcare company in the U.S. by market capitalization, owns healthcare provider Optum, which merged with Change Healthcare in 2022. Optum serves more than 100 million patients in the U.S., and Change Healthcare also provides payment and revenue cycle management solutions, according to its website.
In a filing with the U.S. Securities and Exchange Commission on Thursday, UnitedHealth said it had identified a “suspected nation-state affiliated” actor behind the attack. The company isolated and disconnected affected systems “as soon as it detected” the threat, according to the filing. UnitedHealth did not provide further details about the nature of the attack in its filing.
Change Healthcare said in an update around 2pm ET on Saturday that disruptions are expected to last “at least” the day. The company said Friday it has high confidence that its Optum, UnitedHealthcare and UnitedHealth systems are not affected.
“We are working on multiple approaches to restore the affected environment and do not intend to take shortcuts or take additional risks as we bring systems back online,” Change Healthcare said Saturday. stated.
UnitedHealth did not share any additional information with CNBC beyond this update.
Although UnitedHealth did not reveal in its regulatory filing exactly which Change Healthcare systems were affected by the attack, companies such as CVS Health have said the disruption could affect their business operations. He said that some of them were affected.
CVS Health continues to fill prescriptions but is unable to process claims in certain cases, the company told CNBC in a statement Saturday. CVS Health said it has “no indication” that its systems were compromised.
“We are committed to ensuring access to care as we navigate this disruption,” CVS Health said in a statement.
The American Hospital Association issued a statement Thursday urging healthcare providers to disconnect from Optum until it is determined it is safe to reconnect. In a statement, the AHA said it was consulting with the Department of Health and Human Services, the FBI, and the Cybersecurity and Infrastructure Security Agency about the attack.
AHA declined to comment on the Change Healthcare cyberattack. The FBI, HHS, and CISA did not respond to CNBC's requests for comment.