Hospitals, pharmacies, and other health care providers are getting stuck in an insurance processing logjam after UnitedHealth Group disclosed a cyberattack within a recently acquired subsidiary that serves as a central hub for payments across the industry.
The cyberattack and subsequent system outage within UnitedHealth’s Change Healthcare has caught the attention of federal law enforcement agencies. The FBI, Cybersecurity and Infrastructure Security Agency, and Department of Health and Human Services will be on a call Friday afternoon with executives from UnitedHealth, the American Hospital Association, and the Health Information Sharing and Analysis Center, which is a group of hospitals, insurers, and other health care companies that share information on cyber threats, according to a hospital executive who shared the call details with STAT.
The severity of the attack started to become more apparent Thursday after UnitedHealth disclosed a “suspected nation-state” is behind the cyberattack, which began on Wednesday. UnitedHealth has “retained leading security experts, is working with law enforcement, and notified customers, clients, and certain government agencies,” the company said in its investor disclosure. The company took down its Change Healthcare payment systems, which remain out. It would not disclose any other information and directed STAT to its update page.
This article is exclusive to STAT+ subscribers
Unlock this article — and get additional analysis of the technologies disrupting health care — by subscribing to STAT+.
Already have an account? Log in
Already have an account? Log in
To submit a correction request, please visit our Contact Us page.
STAT encourages you to share your voice. We welcome your commentary, criticism, and expertise on our subscriber-only platform, STAT+ Connect