Connect with us

Hi, what are you looking for?


Incident Response

UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack

UnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing the recovery.

UnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing the recovery.

The health care giant said Monday that it is testing software for submitting medical claims. It already has largely restored systems for handling pharmacy claims and processing payments.

Change Healthcare provides technology used to submit and process insurance claims. It handles about 14 billion transactions a year and works with claims from several insurers.

The company said last month that the ransomware group ALPHV, or Blackcat, gained access to some of its information technology systems.

The American Hospital Association has called the cyberattack “the most significant and consequential incident of its kind against the U.S. health care system.” The association said the disruption from the attack made it harder for hospitals to provide care, submit insurance claims and get paid.

Federal civil rights investigators said last week that they would look into whether protected health information was exposed in the attack.

Earlier this month, UnitedHealth said that it restored nearly all of Change Healthcare’s system for processing prescriptions. That tells pharmacies how much to charge patients for a prescription based on their coverage.

Late last week, the company restored Change Healthcare’s electronic payments platform, which involves billing and payments between care providers and payers like insurers.

Advertisement. Scroll to continue reading.

UnitedHealth said Monday that it is expanding temporary funding to support doctors and other care providers affected by the attack. The federal government also is some offering temporary, advance payments for Medicare claims.

Related: Cyber Insights 2024 – Ransomware

Related: Ransomware Resilience & Recovery Summit | Virtual Event

Written By


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.