Skip to main content

Cyber Attack Against Optum’s Change Healthcare: What Our Clients Need to Know 

February 28, 2024

As many of you know, Change Healthcare was the target of an apparent cyberattack this past Wednesday. The revenue cycle company, which is a subsidiary of UnitedHealth Group’s Optum, indicated that it had managed to “isolate its systems” to mitigate further harm. Optum, UnitedHealthcare, and UnitedHealth Group (UHG) systems were not affected by the attack, according to sources at UHG.

In a filing on Thursday with the U.S. Securities and Exchange Commission (SEC), UnitedHealth asserted that it had identified a “suspected nation-state-associated” actor behind the attack. According to a February 26 report by the Health Information Sharing and Analysis Center (Health-ISAC), UHG claimed to have contained the incident and that customers and partners would not need to disconnect from the network.

Despite these assurances, there are concerns that this latest cyberattack against an American healthcare entity may not be over and may not be limited to just one company. According to cyber intelligence firm RedSense, more health-related organizations are likely to be compromised by the same tactic used to undermine Change’s systems. “We would expect to see additional victims in the coming days,” according to the RedSense report.

While it is uncertain at this time the extent to which the breach of Change’s systems will affect downstream processes for the healthcare industry as a whole, the American Hospital Association (AHA) did release the following cautionary statement:

Due to the sector wide presence and the concentration of mission critical services provided by Optum, the reported interruption could have significant cascading and disruptive effects on revenue cycle, certain health care technologies and clinical authorizations provided by Optum across the health care sector.

We want to assure our clients that we are taking preventative measures to defend against this and other potential assaults against our mission-critical systems. Protecting patient information and other sensitive data is among our top priorities at Coronis Healthcare. We are blocking known malicious IP addresses and other tools used in this attack. Our Information Security team is also working with our Managed Detection and Response vendors to perform proactive threat hunting against our systems to check for Indicators of Compromise. We also confirmed with our Managed Service Providers that they are not running vulnerable systems associated with this attack vector.

We will continue to investigate how the cyber-attack against Optum’s Change Healthcare may impact our clients. As we get more information, we will provide further updates.

Get the Latest RCM News Delivered

Receive practical tips on medical billing and breaking news on RCM in your inbox.

Get in Touch