Pharmacies throughout the United States are currently facing a significant hurdle in their prescription processing services following a cyberattack targeting a unit of UnitedHealth. The company revealed in a regulatory filing that its Change Healthcare division, responsible for processing prescriptions for tens of thousands of pharmacies nationwide, has fallen victim to hackers who gained unauthorized access to some of its systems.
This cyberattack has led to numerous pharmacies encountering difficulties in fulfilling prescription orders. For instance, Naval Hospital Camp Pendleton in California is unable to process any prescription claims, limiting its services solely to handling emergency and urgent prescriptions from hospital providers. Similarly, Evans Army Community Hospital in Colorado has experienced delays in prescription processing, affecting both dispensing and refilling of medications.
The impact of this cyberattack isn’t confined to military institutions alone. GoodRX, a popular platform offering prescription discounts, has confirmed disruptions in its services. Moffet Drug, a small pharmacy located in Norton, Kansas, has also reported service interruptions, underscoring the widespread ramifications of this cyber incident across various healthcare facilities and service providers.
UnitedHealth, the parent company of Change Healthcare, has expressed concerns regarding the nature of the cyberattack, hinting at the involvement of a nation-state-sponsored threat actor. While the company has taken immediate steps to isolate the affected systems and inform law enforcement authorities, the exact motives and perpetrators behind the attack remain undisclosed.
The severity of this cyber incident prompted the American Hospital Association to advise medical facilities to disconnect from UnitedHealth’s network as a precautionary measure until the issue is resolved. This step aims to mitigate the potential risk of exposure to the same attackers who targeted Change Healthcare.
Despite the disruption caused by the cyberattack, Change Healthcare has assured stakeholders that the incident seems specific to its network and hasn’t spread to other systems within UnitedHealth. However, the company anticipates that the disruption will continue throughout the day, with updates expected as more information becomes available.
Given the mandate for companies to report cyberattacks to investors through the Securities and Exchange Commission (SEC), the ongoing investigation into the incident may reveal more about the motives and culprits behind the attack. While reminiscent of previous ransomware incidents affecting healthcare networks, the involvement of a nation-state-sponsored threat actor adds complexity to the situation.
In the face of this disruption, pharmacies and healthcare facilities are diligently striving to tackle the challenges posed by the cyberattack and ensure the timely delivery of essential medications to patients across the nation.