Pharmacy Delays Across US Blamed on Nation-State Hackers

We Keep you Connected

Pharmacy Delays Across US Blamed on Nation-State Hackers

Healthcare tech provider Change Healthcare says a suspected nation-state threat actor breached its systems, causing pharmacy transaction delays nationwide.
February 22, 2024
Change Healthcare, a technology services provider for pharmacies, experienced a cyberattack from a suspected nation-state threat actor that has created widespread delays for patients who need prescription refills across the US.
Change Healthcare is a part of Optum Solutions, which in turn is part of the healthcare conglomerate UnitedHealth Group. Optum said all indications suggest the cyber incident is limited to Change Healthcare only and has not spread to other UnitedHealth entities. The outage, which began on Feb. 20, is likely to last until Friday, Feb. 23, the company predicts.
On Feb. 22, United HealthCare filed its required 8-K disclosure of a material cyber incident that said Change Healthcare had its systems breached by a suspected nation-state actor that was able to gain temporary access to the healthcare tech vendor's systems until they were taken offline.
According to the HIPAA Journal, Change Healthcare is responsible for 15 billion healthcare transactions annually, and about a third of US patients use its connectivity solutions.
Change Healthcare systems being pulled offline has caused delays at pharmacies all over the country, prompting one Michigan retailer to ask customers to wait an extra day to refill meds, if possible, according to reports.
But the fallout might not be limited to pharmacies and could have exposed patient data as well, according to Nick Tausek, lead security automation architect at Swimlane.
"Change manages patient payments across the healthcare sector, with access to medical records and sensitive patient information," Tausek explained in a statement. "Pharmacies across the country are already reporting delays in filling prescriptions and providing services as a result of this attack, marking the real-world dangers to human health cyberattacks can cause."
The healthcare sector is particularly vulnerable to attacks and breaches, due to its reliance on third-party data management processors like Change Healthcare, Tausek added. The recent acquisition of Change Healthcare might have also made its systems a target for threat actors.
"Change Healthcare was acquired by UnitedHealth Group in 2022," Tausek explained. "The period during and following mergers and acquisitions can be a prime window for attacks, with advanced attackers taking advantage of internal upheaval caused by efforts to integrate systems, streamline operations, and increase efficiency."
The healthcare industry at large needs to work proactively to shore up its overall cybersecurity posture, said Javvad Malik, lead security awareness advocate at KnowBe4, in a statement.
"This incident serves as a stark reminder of the ever-present threats facing the healthcare sector," Malik added. "The healthcare industry continues to be a prime target for cybercriminals, so it's crucial that healthcare providers not only react effectively to threats but also proactively work to fortify their systems against future attacks."
Becky Bracken, Editor, Dark Reading

You May Also Like
Your Everywhere Security guide: Four steps to stop cyberattacks
Your Everywhere Security Guide: 4 Steps to Stop Cyberattacks
API Security: Protecting Your Application’s Attack Surface
API Security: Protecting Your Application’s Attack Surface
Securing the Software Development Life Cycle from Start to Finish
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Industrial Networks in the Age of Digitalization
Zero-Trust Adoption Driven by Data Protection
How Enterprises Assess Their Cyber-Risk
How to Deploy Zero Trust for Remote Workforce Security
Cloud & Hybrid Security Tooling Report
Stopping Active Adversaries: Lessons from the Cyber Frontline
FortiSASE Customer Success Stories – The Benefits of Single Vendor SASE
2023 Gartner Magic Quadrant for Single-Vendor SASE
Threat Intelligence: Data, People and Processes
2023 Snyk AI-Generated Code Security Report
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.