UnitedHealth Group, the largest healthcare company in the United States, was the victim of a major cyberattack that has disrupted operations and taken many of its systems offline.
According to a Form 8-K filing with the SEC on February 22nd, the company detected unauthorized access to its systems on February 21st, which it believes came from a nation-state-associated threat actor.
Upon discovery, UnitedHealth immediately isolated the affected systems to contain the threat. This resulted in enterprise-wide network outages and service disruptions that are still ongoing. The company has engaged cybersecurity experts and is working with law enforcement agencies to investigate and remediate the issue.
The attack appears to have specifically targeted UnitedHealth's Change Healthcare division, which provides IT services and software to optimize revenue processes in healthcare.
Change Healthcare posted a series of incident reports starting on February 21st, indicating there were connectivity and application availability issues due to a network interruption related to a cybersecurity threat.
Over the past two days, Change Healthcare has remained offline as its experts work to restore systems safely. The company expects disruptions to last at least through the end of this week. During this time, Change Healthcare's networks, transactional services, and other applications will have limited or no availability.
UnitedHealth stated it has not yet determined if this incident will have a material financial impact. As the largest healthcare company in the U.S., disruptions to UnitedHealth’s systems could significantly impact hospitals, health systems, and medical practices that rely on its platforms and services.
While UnitedHealth believes the cyberattack has been contained to Change Healthcare, the scale of the disruption illustrates the major risks that cyber threats pose to healthcare organizations and patients. Attacks against hospitals and healthcare systems have been on the rise globally, with attackers disrupting operations, stealing data, and demanding huge ransoms.
UnitedHealth said its other businesses across the enterprise remain operational, but this attack makes it clear how a single security breach can have cascading effects. Companies in the healthcare sector need to remain vigilant against evolving cyber risks and ensure robust contingency plans are in place in case critical systems go down.