In this illustration, the UnitedHealth Group logo is displayed on a smartphone screen.
Sheldon Cooper | soba pictures | Rocket Lite | Getty Images
UnitedHealth Group It said Thursday it expects Change Healthcare's systems to be restored by mid-March, providing a potential solution to a ransomware attack that disrupted critical operations across the U.S. health care system.
The company discovered that a cyber threat actor compromised part of Change Healthcare's IT network on February 21, according to a filing with the Securities and Exchange Commission.
UnitedHealth isolated and disconnected the affected systems “immediately upon discovery” of the threat, but doing so resulted in interruptions to its pharmacy services, payment platforms and medical claims operations, the filing said.
UnitedHealth said in a statement Thursday that e-prescribing is “now fully operational,” and payment transfer and claims submission are currently available. The company said it expects to restore electronic payment functionality by March 15, and will begin testing connectivity to its claims network and software on March 18.
The company said in the statement that there was “no indication” that any other UnitedHealth systems were compromised in the attack.
“We are committed to providing relief to people affected by this malicious attack on America’s health system,” UnitedHealth CEO Andrew Witty said in the statement.
UnitedHealth on Friday announced a temporary financing assistance program to help health care providers experiencing cash flow issues as a result of the attack. The company said Thursday that it is offering “more financing solutions” to service providers, which means “providing funds every week.”
UnitedHealth said it realizes the program does not meet every provider's needs, so it is expanding the program to include those “who have exhausted all available contact options, and who are working with a payer that has chosen not to provide funds to providers during the period when health care change systems remain disrupted.” , according to the statement.
UnitedHealth said the advances will not need to be repaid until claims flows return to normal.
In late February, Change Healthcare said the Blackcat ransomware group was behind the cybersecurity attack. Blackcat, also known as Noberus and ALPHV, steals sensitive data from organizations and threatens to release it unless a ransom is paid, according to a December statement from the US Department of Justice.
Ransomware attacks can be particularly dangerous within the healthcare sector, because they can cause immediate harm to patient safety when life-saving systems become disabled. UnitedHealth did not specify in the statement what type of data was compromised in the attack or confirm whether the company paid a ransom to bring its systems back online.