
Data Breaches

State-Sponsored Group Blamed for Change Healthcare Breach

UnitedHealth Group is blaming a state-sponsored threat actor for a disruptive cyberattack on its subsidiary Change Healthcare.

Health insurance and services company UnitedHealth Group is blaming a state-sponsored threat actor for a cyberattack on its subsidiary Change Healthcare.

The attack occurred on February 21 and prompted Change Healthcare to shut down its systems, resulting in a nationwide prescription processing outage.

More than 100 Change Healthcare applications across pharmacy, medical record, clinical, dental, patient engagement, and payment services were affected, the company said in an 8-K filing with the SEC (Securities and Exchange Commission).

UnitedHealth Group said “a suspected nation-state associated cyber security threat actor” gained access to some of Change’s systems that were immediately isolated.

The company also noted that the attack only impacted Change systems and that it “has not determined the incident is reasonably likely to materially impact the company’s financial condition or results of operations.”

As of February 25, however, Change Healthcare has not been able to restore the affected systems, according to an update to UnitedHealth’s incident notification.

“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect,” the company said.

One of the largest healthcare technology companies in the US following its merger with Optum, Change Healthcare handles billions of healthcare transactions per year and has access to the medical records of roughly one third of the health patients in the country.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.

