NewsLocal NewsCleveland Metro

Actions

Cyberattack disrupts prescription processing at pharmacies

data
Posted
and last updated

One of the country's largest healthcare technology companies is the subject of the latest cyberattack.

UnitedHealth Group's Change Healthcare has disconnected its systems affected by the threat as it trouble shoots the issue.

On Friday, some Northeast Ohio patients said they were having to pay their prescription costs out-of-pocket because their pharmacy had trouble processing insurance claims.

“There were some customers that were having issues with their CareSource," said Tim Obojski. "The prescriptions weren’t going through.”

The Slavic Village resident said he didn't see the same problems with his medicare-covered prescriptions, but would struggle to pay the full cost of his medications if he did.

“I couldn’t even imagine, with how expensive healthcare is in this country right now,” he said.

In an SEC disclosure filed this week, UnitedHealth Group, Inc. said it identified a suspected "nation-state associated cyber security threat actor" had gained access to some of the Change Healthcare information technology systems.

The healthcare technology company provides prescription processing services through Optum. The service providers are owned by the UnitedHealth Group.

In an email to News 5 Friday, an Optum spokesperson said, "Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact. At this time, we believe the issue is specific to Change Healthcare and all other systems across UnitedHealth Group are operational."

Change Healthcare asked patients and partners who use their service to disconnect while they investigate the attack.

News 5 reached out to multiple pharmacies and hospitals to see how the attack impacted them.

"We are aware that Change Healthcare is experiencing a network interruption that is impacting certain CVS Health business operations, as well as the operations of other companies nationally. There is no indication that CVS Health’s systems have been compromised. We’re committed to ensuring access to care as we navigate through this interruption. We have business continuity plans in place to minimize disruption of service and apologize for any inconvenience our customers and members may experience.We’re continuing to fill prescriptions but in certain cases we are not able to process insurance claims, which our business continuity plan is addressing to ensure patients continue to have access to their medications."
CVS
“Our pharmacy operations, and the vast majority of prescriptions are not being impacted by this third-party issue. For the small percentage that may be affected, we have procedures in place so that we can continue to process and fill these prescriptions with minimal delay or interruption.”
Walgreen's
“We’ve adjusted and are using other systems so our pharmacies are still processing scrips and our customers shouldn’t have any issues.”
Meijer
"Yes, we are aware of cyber issue with Change Healthcare. Cleveland Clinic pharmacies are continuing to fill patients’ prescriptions."
Cleveland Clinic

Some independently owned Northeast Ohio pharmacies told News 5 Friday they were swamped with back orders. Some said they had successfully pivoted to other systems. Others said, in some cases, they had to dispense individual doses to patients when they could not process a prescription.

“We don’t know how much of this was done, necessarily, by attackers versus how much of it is a result of taking systems offline and investigating and trying to stop anything from spreading,” said Alex Hamerstone of the system disruptions.

An advisory solutions director for cyber security company TrustedSec, Hamerstone said the "nation-state" suspected of perpetrating the attack is a broad term for someone using sophisticated systems from outside the country.

“There’s all kinds of ways to describe ‘government support,’ whether it’s actually providing tools or providing resources or just not prosecuting some of these groups,” he explained.

Hamerstone said cyber attacks in general appear to be increasing and many have a broader effect than in years past.

"Everything's connected, everything's online," he said. “Things that maybe 10 or 15 years ago could still function pretty easily, even if computer systems were down, these days that’s really changed.”

In an update on its website Friday afternoon, Optum said it expected the disruption to last at least through the day.

"We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect," the statement said.

This isn't the first time hackers have attacked a health care company.

In November of 2023, Ardent Health Services were involved in a cyber attack.

RELATED: Hospital system that operates in 6 states is victim of cyberattack