Skip to main content
A woman purchases medications at a pharmacy counter, unaware that the data entered into the computer screen next to her could be compromised in violation of HIPAA regulations.

UnitedHealth | Change Healthcare Data Breach Investigation

The Lyon Firm is investigating the confirmed cyberattack on the UnitedHealth subsidiary Optum and its Change Healthcare payment network. The major disruption could result in millions of patients unable to access medications, and could likely result in a widespread data breach incident. Contact our data breach lawyers to review your claims.

What Happened at UnitedHealth?

A ransomware attack, claimed by the ALPHV/BlackCat group, has caused severe disruptions to pharmacies and hospitals nationwide. Many patients have reported problems filling prescriptions or, in some cases, seeking medical treatment.

UnitedHealth Group has accused the notorious ransomware gang of hacking Optum’s Change Healthcare payment systems. The hack was discovered on February 21st when the company disclosed that its subsidiary, Optum, was impacted by a “cybersecurity issue.”

The all-important UnitedHealth digital health care payment platform, known as Change Healthcare, appeared to be either knocked offline or deliberately taken offline by security management in an attempt to limit the damage.

The cyberattack began causing outages at pharmacies and healthcare facilities, and soon after Change Healthcare said it took some systems offline to expel the hackers from its networks.

As a result of the Change Healthcare attack, some patients this week have been routed to other pharmacies to fill prescriptions. The company notes that patients’ bills may be delayed, and experts predict that the ransomware group may have accessed a trove of UnitedHealth personal information, and patients may later receive notices that their data was breached.

Military health insurance provider Tricare said the Change Healthcare cyberattack was “impacting all military pharmacies worldwide and some retail pharmacies nationally.”

Understanding Healthcare Ransomware Attacks

Ransomware gangs like Blackcat typically steal data from company systems, publish the names of their victims to dark web leak sites, then begin to pressure and extort organizations into paying a ransom demand.

The ransomware problem has reached a boiling point after several years of slowly gaining momentum. Cyberattacks on the healthcare industry in particular are now a notable threat to millions of patients in the United States and worldwide. A study published in JAMA Health Forum in 2022 found that the annual number of ransomware attacks against hospitals and other providers doubled from 2016 to 2021. Since then, the problem has only gotten worse.

The federal government has expressed concern, but the governmental response, much like the private sector’s IT security response, always lags new cyber threats. Hospitals, pharmacies and other health organizations have struggled to keep up with the hackers, and ransomware attacks are occurring with problematic frequency.

In the case of the latest UnitedHealth Group cyberattack, many details are still unknown. It is not clear how the hackers gained access to the Change Healthcare online infrastructure.

Data Privacy lawyers have filed data breach lawsuits against healthcare entities that collect and store large amounts of sensitive personal data, but then fail to protect it with reasonably secure networks.

Our legal team is currently investigating the root cause of the UnitedHealth and Optum cyberattack, with the assistance of industry experts nationwide. Contact our cybersecurity attorneys following any data breach incident.

Who Is Impacted by the UnitedHealth Ransomware Attack?

UnitedHealth said more than 90 percent of 70,000 pharmacies in the U.S. were impacted to some degree by the Change Healthcare outage. Initial reports have focused on the impact on pharmacies nationwide, but the issue could be much larger. The American Hospital Association says many of its members have not received payments and that some doctors cannot check whether patients have care coverage.

Beyond the immediate concern about healthcare services, there also lurks the primary concern, or the underlying motive for the ransomware attack: the possible theft of patient data. Reports suggest that the Change Healthcare system may have contained records on 208 million individuals as of July 2023.

Who is Responsible for the UnitedHealth Cyberattack?

UnitedHealth hired multiple outside firms, including Mandiant and Palo Alto Networks, and reached the conclusion that BlackCat, or AlphV, was responsible for security breach. The group actually admitted as much, claiming credit for the attack on its dark web leak site but the post has since been deleted.

The Russia-based Blackcat group claimed to have stolen millions of Americans’ sensitive health and patient information. They posted a statement to its site saying it stole 6 terabytes of “highly selective” data from UnitedHealth and other clients, including Medicare, CVS Caremark, Health Net, and Tricare. These claims have not been verified, and it is unknown if UnitedHealth is negotiating with the hackers.

Just a few months ago, the FBI broke into the Black Cat ransomware group servers, stole information about decryption tools for victims and seized control of several of its websites. The U.S. government celebrated the so-called counterattack on the hackers. This successful cyber intrusion on UnitedHealth, Optum and Change Healthcare networks, however, one of the largest health care entities in the U.S., shows how challenging it is to maintain any sense of cyber security.

Blackcat has a history of large, high-profile attacks, including those targeting MGM Resorts International and Caesars Entertainment last year.

Timeline of Change Healthcare Cyberattack

  • February 21: On their company site, Optum first reported enterprise-wide connectivity issues on February 21st. They noted the issue resulted in some applications to be unusable. They wrote, “Change Healthcare is experiencing a network interruption related to a cyber security issue and our security experts are working to address the matter.”
  • February 23: Optum writes that Change Healthcare was experiencing a cyber security issue, aware of an outside threat, and took immediate action to disconnect their systems to prevent further damage. They wrote, “We believe the issue is specific to Change Healthcare and all other systems across UnitedHealth Group are operational.”
  • February 25: The company explains they are working to restore all impacted systems. “We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online.”
  • February 29: Change Healthcare confirms the issue was perpetrated by a cybercrime threat actor known as ALPHV/Blackcat. “Based on our ongoing investigation, there’s no indication that Optum, UnitedHealthcare and UnitedHealth Group systems have been affected by this issue.”

More About Optum & Change Healthcare

Owned by UnitedHealth Group, Change Healthcare manages health care technology pipelines, processing 14 billion transactions. An investigation is underway to determine what data may have been compromised at Change Healthcare, Optum, UnitedHealthcare and UnitedHealth Group.

Change Healthcare is one of the country’s biggest processors of prescription medications, handling billing for more than 67,000 pharmacies across the U.S.

Change Healthcare merged with Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group, the largest health insurance provider in the United States. The merger allowed Optum to access all patient records handled by Change. UnitedHealth Group collectively provides over 53 million U.S. customers with benefit plans. Optum serves another 103 million.

Class Action Data Privacy Lawyers are reviewing data breach claims related to the Change Healthcare cyberattack. If you or a loved one is notified by UnitedHealth, Optum or Change regarding this data security incident, contact our legal team. We offer free consultations, and represent plaintiffs in all fifty states. Learn more about taking measures to protect your privacy and discuss your legal options.