FAQ
Change Healthcare Network Outage Due to Cyberattack
Healthcare technology company Change Healthcare announced a system outage on February 21, 2024. Change Healthcare is responsible for a large portion of prescription and other medical service insurance claims processing with an estimated 15 billion transactions per year.
The outage may have prevented pharmacies and other healthcare organizations including an estimated 10,000 clinics, hospitals, and other providers, from processing prescription and service claims. This may have left physicians’ offices unable to provide medical services to their patients, and left patients unable to access necessary medications or receive other medical services.
Change Healthcare, along with parent companies Optum, Inc and UnitedHealth Group clarified that the outage was due to a cybersecurity breach and that systems had been disconnected to protect the Optum and UnitedHealth network from further threats. The cyberattack was identified as being from an “unnamed nation-state associated” group but has yet to be resolved.
Impact of Change Cyberattack on Private Medical Practices
While pharmacies appeared to be on the front line of this crisis, unable to process claims, the ripple effects were acutely felt by private healthcare providers. The disruption may have been particularly detrimental to private practices, which may lack the robust IT infrastructure of larger organizations to navigate such crises. They may have found themselves struggling to maintain continuity of care without the infrastructure to manage electronic transactions and billing—a lifeline of their operations.
Private practices, especially those that are small or family-run, often do not possess the resources to swiftly adapt to alternative systems, unlike larger organizations, imposing undue financial burdens and diverting physicians from their primary role of patient care as they navigate these unforeseen complexities. This may also have left patients unable to obtain prescriptions in a timely manner from trusted sources they know and love.
Patients, Physicians and Pharmacies May Continue to be Affected
Pharmacies, physicians’ offices, and other healthcare organizations in many parts of the U.S. may have been unable to process prescription or other medical claims for multiple days, leaving patients unable to access critical medications or medical treatments and health businesses unable to or receive payment for providing them.
Practices and Patients May Still Face Additional Risk
UnitedHealth Group and Optum have claimed that other units of their healthcare and insurance companies were not affected but for a long period of time, were unable to provide a solution and advised that businesses delete their applications to protect their own systems.
No announcements were made regarding risk of data theft during the cyberattack, but pharmacies, medical providers and patients may still be at risk of data breach, financial loss, and at risk of medical harm due to the cybersecurity attack at Change Healthcare. In addition to medical risks associated with unavailability of prescription medication, data breach due to cyberattack may increase the risk of financial loss, exposure of personal data, identity theft, and other circumstances for both businesses and patients.
Change HealthCare Customer Data Security Breach Lawsuit
In March 2024, a number of lawsuits were filed in federal courts in Tennessee and Minnesota, against Change HealthCare and associated companies, Optum and UnitedHealthcare. Federal lawsuits were transferred and consolidated into multidistrict litigation (MDL) in the U.S. District Court for the District of Minnesota. Litigation is ongoing and Seeger Weiss partner, Jennifer Scullion continues to serve in a leadership role as counsel for multiple litigants.