Table of Contents
NEW YORK — Some pharmacies across the country are reporting that they are having difficulty getting prescriptions to patients because of a cyberattack on a unit of UnitedHealth.
UnitedHealth said in a regulatory filing Thursday its Change Healthcare business, which processes prescriptions to insurance for tens of thousands of pharmacies nationwide, was compromised by hackers who gained access to some of its systems. The company became aware of the cyberattack Wednesday, and, in a separate statement, said it expected the attack to last at least throughout the day Thursday.
“By now, many of you are aware of a cyberattack that has affected Change Healthcare’s ability to communicate with pharmacies. Change Healthcare is a technology company used by many pharmacies; their technology helps pharmacies know how much to charge consumers at the pharmacy counter. As a result of this, many pharmacies throughout America could not transmit insurance claims for their patients. This is resulting in delays in getting prescriptions filled. As of Friday afternoon, the situation was still not resolved and pharmacies across the nation are reporting significant backlogs of prescriptions they are unable to process,” APhA in a statement.
“This situation may take several days to resolve, so in the meantime, we would ask the public to please keep in mind the incredible extra stress this situation places on pharmacies and pharmacy personnel,” added Michael Hogue, executive vice president and CEO of APhA. If you have urgent prescriptions or are out of medication, please talk with your pharmacist about possible solutions.”
The cyberattack prevented some pharmacies from processing prescriptions to insurance companies to receive payment.
In its filing with the Securities and Exchange Commission, UnitedHealth said its cyberattack could have been sponsored by a group of hackers paid by a foreign country. It said it has isolated the attack and notified law enforcement and is working quickly to restore is systems.
“UnitedHealth Group identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems,” the company said. “Immediately upon detection of this outside threat, the company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident.”
