In this photo illustration the UnitedHealth Group logo displayed on a smartphone screen.
Sheldon Cooper | Sopa Images | Lightrocket | Getty Images
UnitedHealth Group on Thursday said it expects to restore Change Healthcare’s systems by mid-March, offering a potential resolution to the ransomware attack that has disrupted crucial operations across the U.S. health-care system.
The company discovered that a cyber threat actor breached part of the Change Healthcare’s information technology network on Feb. 21, according to a filing with the Securities and Exchange Commission.
UnitedHealth isolated and disconnected the impacted systems “immediately upon detection” of the threat, the filing said, but doing so interrupted pharmacy services, payment platforms and medical claims processes.
UnitedHealth said in a release Thursday that electronic prescribing is “now fully functional,” and payment transmission and claim submissions are currently available. The company said it expects electronic payment functionality to be restored by March 15, and it will start to test connectivity with its claims network and software on March 18.
There is “no indication” that any other UnitedHealth systems were compromised in the attack, the company said in the release.
“We are committed to providing relief for people affected by this malicious attack on the U.S. health system,” UnitedHealth CEO Andrew Witty said in the release.
On Friday, UnitedHealth announced a temporary funding assistance program to help health-care providers that are experiencing cash flow problems as a result of the attack. The company said Thursday it is providing “further funding solutions” for providers, which will mean “advancing funds each week.”
UnitedHealth said it recognizes that the program does not meet the needs of every provider, so it is expanding the program to include those ” who have exhausted all available connection options, and who work with a payer who has opted not to advance funds to providers during the period when Change Healthcare systems remain down,” according to the release.
UnitedHealth said the advances will not need to be repaid until claims flows are back to normal.
In late February, Change Healthcare said that ransomware group Blackcat was behind the cybersecurity attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December release from the U.S. Department of Justice.
Ransomware attacks can be particularly dangerous within the health-care sector, as they can cause immediate harm to patients’ safety when life-saving systems go dark. UnitedHealth did not specify in the release what kind of data was compromised in the attack or confirm whether the company has paid a ransom to bring its systems back online.