The Latest on Ransomware Attack Affecting U.S. Health Care System

UnitedHealth Group says it’s making progress in ending the widespread disruptions caused by the hack of tech company


AARP

Change Healthcare announced that it is “working aggressively” to repair its systems that connect pharmacies with insurers after a cyberattack last month. The ransomware attack on the massive U.S. health care technology company, owned by UnitedHealth Group, caused unprecedented disruptions in the industry, as well as for untold numbers of people needing prescriptions filled.

The company processes 15 billion health care transactions annually and is involved in the records of one in every three patients, according to the U.S. Department of Health and Human Services (HHS) in a March 10 letter to health care leaders on mitigating the impact of the cyberattack. Among suggested solutions to the far-reaching problem, HHS urged UnitedHealth Group to “take responsibility” and minimize disruptions for consumers and health care providers.

UnitedHealth Group says it is making progress: Its latest online update about its recovery notes that, as of March 8, pharmacies that use Change Healthcare can again access some of its services, including “electronic prescribing … with claim submission and payment transmission.” 

Before this restoration of crucial systems, many pharmacies throughout America could not transmit insurance claims for their patients, and some consumers wanting to pick up prescriptions in recent weeks were told that they needed to either wait for their medicines or pay out of pocket. 

The company says it is still working on problems with its connectivity to pharmacies, including the management of certain prescription coupon programs.

It will take a bit longer to restore its systems managing health insurance payments to hospitals and other health care providers that use the company to process claims, according to UnitedHealth Group. “We expect to begin testing and reestablish connectivity to our claims network and software on March 18,” and restore service later that week. In the meantime, the update notes, “we strongly recommend our provider and payer clients use the applicable workarounds we have established.”

The HHS letter urges cooperation across the board: “The government and private sector must work together to help providers make payroll and deliver timely care to the American people.” It asks insurers to “make interim payments to impacted providers. … Payers have the opportunity to stop-gap the cash flow concerns by stepping in with bridge payments.” 

Have you seen this scam?

  • Call the AARP Fraud Watch Network Helpline at 877-908-3360 or report it with the AARP Scam Tracking Map.  
  • Get Watchdog Alerts for tips on avoiding such scams.

The concern is that, while Change’s systems are down, many hospitals and physicians are unable to process insurance claims, says Russ Thomas, CEO of Availity, a health care tech company that facilitates communication between health plans and providers and processes claims. “Change has providers that, after two weeks of not being able to bill, are sitting on hundreds and hundreds of millions of dollars of stuck claims,” he notes.

“We are committed to providing relief for people affected by this malicious attack on the U.S. health system,” says Andrew Witty, CEO of UnitedHealth Group, in the update. “All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications. We’re determined to make this right as fast as possible.”

What happened

Change Healthcare announced on Feb. 29 that a notorious ransomware group, ALPHV, or BlackCat, claimed responsibility for the breach.

Change first acknowledged the attack on Feb. 21. Billing and care-authorization portals have been affected across the country.  

“Ransomware typically starts when someone in the organization clicks on a phishing link and it spawns some software that will give hackers access to the network of the company,” explains Frank McKenna, chief strategist for the San Diego–based fraud detection company Point Predictive. “From there, the hackers will infiltrate and then actually encrypt systems and download data so that the company cannot operate. They then reach out and demand payment.” 

The ALPHV/BlackCat gang is particularly pernicious in the world of cybercrime; the U.S. Department of State announced last month that it is offering a $10 million reward for information leading to the identity or location of ALPHV/BlackCat leaders, as well as up to $5 million for information leading to the arrest or conviction of any of the gang’s affiliates.

Change Healthcare hasn’t said publicly whether it paid or negotiated a ransom. But the word in the cybersecurity community is that it paid BlackCat $22 million, McKenna says. The ransom may have been paid for a decryption key that would allow the company to access its sensitive data and systems and to prevent the gang from releasing the data to the public, McKenna explains.

Ransomware attacks a growing threat

Cybersecurity experts say ransomware attacks have increased substantially in recent years. The cryptocurrency-tracing firm Chainalysis’ annual crime report revealed that ransomware payments exceeded a record $1 billion in 2023, based on its tracking of cryptocurrency transactions. The report noted that last year, “ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies.”

Health care systems are frequent targets, McKenna says, “because the level of information about customers is very expansive,” making their data extremely valuable.

The Change Healthcare attack comes on the heels of an attack in late January on a children’s hospital in Chicago, which had to take phone, email and medical records systems offline.

In December, HHS reported a 93 percent increase in large breaches reported to the HHS Office for Civil Rights (OCR) from 2018-2022, with a 278 percent increase in large breaches involving ransomware. It released a concept paper for dealing with rising cybersecurity threats, including “working with Congress to develop supports and incentives for domestic hospitals to improve cybersecurity.”

With reporting from AP
