Page last updated on April 24, 2024
UNITEDHEALTH GROUP INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-02-22 16:08:47 EST.
Incident Details
Material: Unknown
Is Breach: TRUE
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)
Compromised Date: 2024-02-12
Detected Date: 2024-02-21
Disclosure Date: 2024-02-22
Contained Date:
Recovered Date:
Attack Goal: Unknown
Costs: $1B - $1.15B
- Aggregated costs (Indirect): $1B - $1.15B - “Of the $870 million, about $595 million were direct costs due to the clearinghouse platform restoration and other response efforts, including medical expenses directly relating to the temporary suspension of some care management activities. For the full year, we estimate these direct costs at $1 billion to $1.15 billion,” Rex said.
https://therecord.media/ransomware-unitedhealth-costs-billions-still-climbing
Filings
8-K filed on 2024-02-22
UNITEDHEALTH GROUP INC filed an 8-K at 2024-02-22 16:08:47 EST
Accession Number: 0000731766-24-000045
Item 1.05 Material Cybersecurity Incidents.
On February 21, 2024, UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident.
The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time. The Company has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies. At this time, the Company believes the network interruption is specific to Change Healthcare systems, and all other systems across the Company are operational.
During the disruption, certain networks and transactional services may not be accessible. The Company is providing updates on the incident at https://status.changehealthcare.com/incidents/hqpjz25fn3n7. Please access that site for further information.
As of the date of this report, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
8-K/A filed on 2024-03-08
UNITEDHEALTH GROUP INC filed an 8-K/A at 2024-03-08 17:13:56 EST
Accession Number: 0000731766-24-000085
Explanatory Note.
This Amendment No. 1 (the “Amendment”) amends the Current Report on Form 8-K filed by UnitedHealth Group Incorporated (the “Company”) with the Securities and Exchange Commission on February 22, 2024 (the “Original Report”).
Item 1.05 Material Cybersecurity Incidents.
As an update to the Original Report, the Company identified that cybercrime threat actors had gained access to certain Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company isolated the impacted systems from other connected systems in order to protect the Company’s partners and customers. The Company promptly notified customers, law enforcement and government agencies.
The Company is making substantial progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and certain Change Healthcare services. The Company’s focus has been on ensuring patient access to care and medications by addressing challenges to pharmacy, medical claims and payment services targeted by the attack. The Company is working tirelessly to restore affected services and resume normal operations and along with law enforcement is investigating the extent of impacted data. The Company continues to believe the issue is specific to Change Healthcare. All other systems across the Company are operational.
The progress the Company is making, including interim measures and an expected timeline for restoration of key Change Healthcare systems, is described in a press release which the Company issued on March 7, 2024, a copy of which is attached to the Amendment as Exhibit 99.1.
As of the date of this Amendment, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
Exhibit No. 99.1
Press Release dated March 7, 2024
8-K/A filed on 2024-04-24
UNITEDHEALTH GROUP INC filed an 8-K/A at 2024-04-24 16:02:43 EDT
Accession Number: 0000731766-24-000150
Explanatory Note.
This Amendment No. 2 (the “Amendment”) amends the Current Report on Form 8-K filed by UnitedHealth Group Incorporated (the “Company”) with the Securities and Exchange Commission on February 22, 2024 (the “Original Report”), as amended by the Current Report on Form 8-K/A filed on March 8, 2024 (“Amendment No. 1” and together with the Original Report are collectively referred to as the “Filed Reports”). Except as set forth in this Amendment, the information included in the Filed Reports remains unchanged.
Item 1.05 Material Cybersecurity Incidents.
As an update to information concerning the Change Healthcare cyberattack contained in the Filed Reports, the Company issued a press release on April 22, 2024, regarding its ongoing data assessment and support for impacted individuals, support for providers and customers with notifications, and Change Healthcare service restoration progress. A copy of the press release is attached to the Amendment as Exhibit 99.1 and incorporated by reference herein.
Exhibit No. 99.1
Press Release dated April 22, 2024
UnitedHealth Group Updates on Change Healthcare Cyberattack
Provides Update on Ongoing Review of Impacted Patient Data
Offers Support for People Potentially Impacted
Makes Strong Progress in Restoring Change Healthcare Services
(April 22, 2024) - UnitedHealth Group (NYSE: UNH) is announcing support for people who may be concerned about their personal data potentially being impacted based on preliminary findings from the ongoing investigation and review of the data involved in the malicious criminal cyberattack on Change Healthcare. The company is also providing an update on progress in restoring Change Healthcare’s products and services.
Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America. To date, the company has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.
“We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,” said Andrew Witty, chief executive officer of UnitedHealth Group.
Data Assessment and Support for Impacted Individuals
Given the ongoing nature and complexity of the data review, it is likely to take several months of continued analysis before enough information will be available to identify and notify impacted customers and individuals. As the company continues to work with leading industry experts to analyze data involved in this cyberattack, it is immediately providing support and robust protections, rather than waiting until the conclusion of the data review.
People can visit a dedicated website at http://changecybersupport.com to get more information and details on these resources. A dedicated call center has been established to offer free credit monitoring and identity theft protections for two years to anyone impacted. The call center will also include trained clinicians to provide support services. Given the ongoing nature and complexity of the data review, the call center will not be able to provide any specifics on individual data impact at this time.
The call center can be reached at 1-866-262-5342 and further details can be found on the website.
The company, along with leading external industry experts, continues to monitor the internet and dark web to determine if data has been published. There were 22 screenshots, allegedly from exfiltrated files, some containing PHI and PII, posted for about a week on the dark web by a malicious threat actor. No further publication of PHI or PII has occurred at this time.
While this comprehensive data analysis is conducted, the company is in communication with law enforcement and regulators and will provide appropriate notifications when the company can confirm the information involved. This is not an official breach notification. The company will reach out to stakeholders when there is sufficient information for notifications and will be transparent with the process.
To help ease reporting obligations on other stakeholders whose data may have been compromised as part of this cyberattack, UnitedHealth Group has offered to make notifications and undertake related administrative requirements on behalf of any provider or customer.
Change Healthcare Service Restoration
Change Healthcare has made continued strong progress restoring services impacted by the event. We have prioritized the restoration of services that impact patient access to care or medication.
- Pharmacy services are now back to near normal levels with 99% of pre-incident pharmacies able to process claims.
- Medical claims across the U.S. health system are now flowing at near normal levels as systems come back online or providers switch to other methods of submission. Change Healthcare realizes there are a small number of providers who continue to be adversely impacted and is working with them to find alternative submission solutions and will continue to provide financial support as needed.
- Payment processing by Change Healthcare, which represents approximately 6% of all payments in the U.S health care system, is at approximately 86% of pre-incident levels and is increasing as additional functionality is restored.
- Other Change Healthcare services, including eligibility software and analytical tools, are being restored on a rolling basis with the active reconnection of our customers now the priority. To date, approximately 80% of Change functionality has been restored on the major platforms and products, and the company expects full restoration of other systems to be completed in the coming weeks.
- For the latest information on service restoration and customer support, please visit www.uhg.com/changehealthcarecyberresponse.
Analyst Notes
- 2024-03-14 - Option Health Care Inc 8-K: Option Health Care Inc filed an 8-K “ITEM 7.01. Regulation FD Disclosure.” disclosing that the Change Healthcare cybersecurity incident has resulted in “more than one-half of the Company’s claims for services rendered since the third party incident remain unable to be processed” with near-term disruption in (i) cash flow and working capital; (ii) inefficiencies in patient registration and support functions; (iii) inefficiencies in the billing and collections functions; (iv) higher net interest expense due to lower-than-expected interest-bearing cash balances.
- 2024-02-27 - Encompass Health Corporation 8-K: Encompass Health Corporation filed an 8-K “ITEM 7.01. Regulation FD Disclosure.” disclosing that the Change Healthcare cybersecurity incident has affected its submission of payment claims and that it “may experience payment collection delays as it turns to alternative channels to submit claims” depending on how long Change Healthcare service is down.
Related Articles
- 2024-02-28 - Ransomware gang claims they stole 6TB of Change Healthcare data: In a statement published on their dark web leak site today, BlackCat said that they allegedly stole 6TB of data from Change Healthcare’s network belonging to “thousands of healthcare providers, insurance providers, pharmacies, etc.”
- 2024-02-23 - Moody’s says hack against UnitedHealth is credit negative for company: The agency cited potential “financial and reputational impacts” of the cybersecurity attack at UnitedHealth’s technology unit Change Healthcare on Wednesday that caused disruption to pharmacies across the United States. Originally discovered from Andy Watkin-Child
Company Information
| Name | UNITEDHEALTH GROUP INC |
| CIK | 0000731766 |
| SIC Description | Hospital & Medical Service Plans |
| Ticker | UNH - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |