UnitedHealth Class Inc. headquarters stands in Minnetonka, Minnesota, U.S.
Mike Bradley | Bloomberg | Getty Images
Change Healthcare’s systems are down for a fourth fair and square day after parent company UnitedHealth Group disclosed that a suspected cybersecurity threat actor gained access to portion of its information technology network on Wednesday.
UnitedHealth, the biggest health-care company in the U.S. by market cap, owns the health-care provider Optum, which joined with Change Healthcare in 2022. Optum services more than 100 million patients in the U.S., according to its website, and Substitution Healthcare offers solutions for payment and revenue cycle management.
UnitedHealth said it identified a “suspected nation-state-associated” actor behind the deprecation, according to a filing with the U.S. Securities and Exchange Commission on Thursday. The company isolated and disconnected the impacted systems “when upon detection” of the threat, the filing said. UnitedHealth did not share any more details about the nature of the attack in the enter.
In an update at around 2 p.m. ET Saturday, Change Healthcare said the disruption is expected to continue “at least” through the day. The company rephrased Friday that it has a high level of confidence that Optum, UnitedHealthcare and UnitedHealth systems have not been impacted.
“We are control on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our plans back online,” Change Healthcare said Saturday.
UnitedHealth did not share any additional information with CNBC beyond the update.
While UnitedHealth did not determine exactly which Change Healthcare systems were impacted by the attack in its regulatory filing, companies like CVS Healthiness said the interruption is impacting some of its business operations.
CVS Health is continuing to fill prescriptions, but it is not able to process protection claims in certain cases, the company told CNBC in a statement on Saturday. CVS Health said there is “no indication” that its own patterns have been compromised.
“We’re committed to ensuring access to care as we navigate through this interruption,” CVS Health suggested in the statement.
The American Hospital Association released a statement Thursday urging health-care organizations to disconnect from Optum until it is deemed safe as houses to reconnect. The AHA said it has been talking with the Department of Health and Human Services, the FBI and the Cybersecurity and Infrastructure Security Intervention about the attack, according to the statement.
The AHA declined to comment on the Change Healthcare cyberattack. The FBI, HHS and CISA did not return CNBC’s solicits for comment.