Major Cybersecurity Event Impacting Health Care, Pharmacy Operations

mike-bradley-promo

In light of a cybersecurity attack earlier this month experienced by one of the nation’s largest health care companies, there have been delays impacting operations, including payments and insurance transactions. Change Healthcare is a subsidiary of UnitedHealth Group that also operates as Optum Solutions. Delaware Insurance Commissioner Trinidad Navarro says the implications of this cyberattack are wide-reaching and not yet fully known. He says they hope that raising awareness of this issue will encourage consumers to be patient with any delays in clinical and pharmacy activities. Navarro adds that all parties are working as hard as they can to continue operations despite this issue. If you are in urgent need of medication, or will be soon, get in touch with your local pharmacy before visiting. You may need to use a different pharmacy, or plan to pay in cash. No timeline currently exists for resolution, and health care providers and pharmacies have been encouraged to remain disconnected from the impacted systems.

Additional Information from the Delaware Department of Insurance:

Change Healthcare, a subsidiary of UnitedHealth Group that also operates as Optum Solutions, states that it interacts with 1 in every 3 patient records. Their systems are integral in many areas of pharmacy operations, provider claim processing, billing and cost estimation services, patient eligibility verifications, and other clinical decision supports.

On February 21, 2024, Change Healthcare locked their systems in an attempt to limit the impact of the cybersecurity attack discovered that day. The ongoing disruption has created adverse impacts for providers and pharmacies, generating delays for consumers, limiting the ability to process payments and consumersā€™ insurance, and requiring complex workarounds or movement to new systems. It is believed that the attack was completed by a foreign hacking group. Federal entities are involved in the investigation.

“The implications of this cyberattack are wide-reaching and not yet fully known. We hope that raising awareness of this issue will encourage consumers to be patient with any delays in clinical and pharmacy activities. Please know that all parties are working as hard as they can to continue operations despite this issue. If you are in urgent need of medication, or will be soon, please get in touch with your local pharmacy before visiting. You may need to use a different pharmacy, or plan to pay in cash,” said Insurance Commissioner Trinidad Navarro. “No timeline currently exists for resolution, and health care providers and pharmacies have been encouraged to remain disconnected from the impacted systems.”

Insurers have been in contact with the Delaware Department of Insurance about this issue and are in communication with contracted providers to inform them of available portals and processes. The Delaware Insurance Data Security Act has not yet been triggered, but all parties continue to watch the situation closely. Additionally, the department will be closely monitoring any potential prompt payment compliance issues that may arise as a result of this situation.

At this time, there is no indication that consumer data or insurer data has been impacted. However, consumers are still encouraged to engage in personal cybersecurity practices at an enhanced level. To protect from a cybersecurity attack, install anti-malware protection and use complex passwords that cannot be easily guessed. Do not click on suspicious links in emails or pop-ups, including those purporting to be from health care services, providers, insurers, and pharmacies. Residents might consider freezing their credit report to protect data.

View Change Healthcareā€™s Incident Page

View this alert and any updates on Delaware.gov


rob-carson