On this photo illustration the UnitedHealth Group logo displayed on a smartphone screen.
Sheldon Cooper | Sopa Images | Lightrocket | Getty Images
UnitedHealth Group on Thursday said it expects to restore Change Healthcare’s systems by mid-March, offering a possible resolution to the ransomware attack that has disrupted crucial operations across the U.S. health-care system.
The company discovered that a cyber threat actor breached a part of the Change Healthcare’s information technology network on Feb. 21, according to a filing with the Securities and Exchange Commission.
UnitedHealth isolated and disconnected the impacted systems “immediately upon detection” of the threat, the filing said, but doing so interrupted pharmacy services, payment platforms and medical claims processes.
UnitedHealth said in a release Thursday that electronic prescribing is “now fully functional,” and payment transmission and claim submissions are currently available. The company said it expects electronic payment functionality to be restored by March 15, and it would start to test connectivity with its claims network and software on March 18.
There may be “no indication” that every other UnitedHealth systems were compromised within the attack, the company said in the discharge.
“We’re committed to providing relief for people affected by this malicious attack on the U.S. health system,” UnitedHealth CEO Andrew Witty said in the discharge.
On Friday, UnitedHealth announced a brief funding assistance program to help health-care providers which might be experiencing money flow problems consequently of the attack. The company said Thursday it’s providing “further funding solutions” for providers, which is able to mean “advancing funds each week.”
UnitedHealth said it recognizes that this system doesn’t meet the needs of each provider, so it’s expanding this system to include those ” who’ve exhausted all available connection options, and who work with a payer who has opted not to advance funds to providers throughout the period when Change Healthcare systems remain down,” according to the discharge.
UnitedHealth said the advances won’t need to be repaid until claims flows are back to normal.
In late February, Change Healthcare said that ransomware group Blackcat was behind the cybersecurity attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December release from the U.S. Department of Justice.
Ransomware attacks may be particularly dangerous throughout the health-care sector, as they could cause immediate harm to patients’ safety when life-saving systems go dark. UnitedHealth didn’t specify in the discharge what kind of information was compromised within the attack or confirm whether the company has paid a ransom to bring its systems back online.