Connect with us

Hi, what are you looking for?



Change Healthcare Restores Pharmacy Services Disrupted by Ransomware

Change Healthcare says it has made significant progress in restoring systems impacted by a recent ransomware attack.

Change Healthcare parent company UnitedHealth Group says it has restored pharmacy services disrupted by a BlackCat ransomware attack more than two weeks ago.

In an incident update on Thursday, the company revealed that it continues to work aggressively on restoring its systems and services and that key functionality is coming back online.

“Electronic prescribing is now fully functional with claim submission and payment transmission also available as of today. All major pharmacy claims and payment systems are back up and functioning,” the company said.

According to the company, electronic payment functionality will remain down for another week, but will become available for connection on March 15.

Systems related to medical claims, however, will take longer to restore, UnitedHealth Group said: “we expect to begin testing and reestablish connectivity to our claims network and software on March 18, restoring service through that week.”

“While we work to restore these systems, we strongly recommend our provider and payer clients use the applicable workarounds we have established—in particular, using our new iEDI claim submission system in the interest of system redundancy given the current environment,” UnitedHealth Group also said.

The February 21 cyberattack took down the Change Healthcare claims and payment infrastructure with a devastating impact on the US health system, preventing over 7,000 pharmacies and hospitals from processing prescriptions.

On Monday, the US Department of Health and Human Services (HHS) announced the actions it was taking to assist healthcare providers impacted by the incident, which has been attributed to the BlackCat ransomware group.

Advertisement. Scroll to continue reading.

BlackCat reportedly received a $22 million ransom payment from Change Healthcare and pulled an exit scam, refusing to share the proceeds with the affiliate who perpetrated the intrusion and who claims to be in the possession of four terabytes of data stolen from the healthcare technology company.

Related: Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

Related: German Steelmaker Thyssenkrupp Confirms Ransomware Attack

Related: LoanDepot Ransomware Attack Exposed 16.9 Million Individuals

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.


Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.