The Unprecedented E-Prescription Outage at Change Healthcare: A Comprehensive Analysis


The healthcare industry has been grappling with a mammoth challenge in the form of a cyberattack on Change Healthcare, a prominent healthcare technology company. This disruption has not only impacted the company’s operations but has also sent shockwaves across the entire healthcare sector, specifically affecting e-prescriptions.

Understanding Change Healthcare

Change Healthcare is a renowned healthcare technology corporation headquartered in Nashville, Tennessee, with operations spread across various global locations. Founded in 2007, the company was acquired by UnitedHealth Group (UHG) and its Optum Insight business unit in an $8 billion deal in 2022.

The Change Healthcare platform offers an array of services to healthcare providers, including payment and revenue cycle management, claims processing, and an integrated system for managing appeals from claimants for denied claims. As one of the largest health information exchange (HIE) platforms in the U.S., the company handles 15 billion claims annually, amounting to over $1.5 trillion.

The Cyberattack on Change Healthcare

Change Healthcare fell victim to a cyberattack on February 21, 2024. The ransomware group known as ALPHV or BlackCat claimed responsibility for the attack, which resulted in significant disruptions in Change Healthcare’s operations. The specifics of how the attackers were able to gain access to Change Healthcare’s network have not been disclosed publicly.

Ransomware attacks are particularly damaging as they can instantly render critical systems and data inaccessible, posing immediate risks to patient safety and care delivery. In the case of Change Healthcare, the attack disrupted key operations, forcing healthcare providers and pharmacies to deploy workarounds to continue providing services.

Impact of the Attack

The impact of the cyberattack on Change Healthcare is far-reaching, affecting millions of Americans who use the platform either directly or indirectly. The affected groups include:

  • Physicians and hospitals, who are facing difficulties in billing, managing, and issuing prescriptions and healthcare procedures.
  • Pharmacies, which are struggling to access information and correctly fill prescriptions.
  • Individuals who are looking to make health claims and fill prescriptions.

The Attack Timeline

The events that unfolded following the attack were:

  • February 21, 2024: Change Healthcare was attacked by the BlackCat/ALPHV ransomware group, leading to the company taking its systems offline.
  • February 28, 2024: BlackCat/ALPHV claimed responsibility for the attack.
  • March 1, 2024: Security researchers discovered that a payment of 350 bitcoins, worth $22 million, was made to a cryptocurrency wallet associated with BlackCat/ALPHV.
  • March 7, 2024: Services for prescription claim submissions and payment systems were restored.
  • March 18, 2024: Full system recovery for all medical claims was expected.

The Perpetrators of the Attack

The BlackCat ransomware gang, also known as ALPHV, claimed responsibility for the attack against Change Healthcare. BlackCat/ALPHV operates a ransomware-as-a-service (RaaS) model: affiliates attack victims with its ransomware code and are then paid a share of any ransom payment.

The Aftermath of the Attack

The attack on Change Healthcare has had several repercussions:

  • Patient care services have been disrupted, affecting clinical decision support, eligibility verifications, and pharmacy operations.
  • Claims processing and eligibility checks have been severely disrupted, preventing a substantial portion of claims from being processed.
  • Hospital finances and service delivery have been adversely impacted, affecting their ability to offer a full range of health care services to their communities.
  • Revenue cycle management has been interrupted, affecting providers’ ability to process claims for payment, patient billing, and patient cost estimation services.
  • Operational challenges are being faced by many hospitals, which may impact their ability to pay salaries for clinicians, acquire necessary medicines and supplies, and pay for mission-critical contract work.

Federal Government Assistance

The U.S. federal government, through the Centers for Medicare & Medicaid Services (CMS), has taken steps to assist providers impacted by the Change Healthcare cyberattack. These include expedited electronic data interchange (EDI) enrolment for providers needing to change clearinghouses for claims processing and guidance to Medicare Advantage (MA) organizations to offer advance funding to the most affected providers.

UnitedHealth Group’s Temporary Financial Assistance Program

UnitedHealth set up a Temporary Funding Assistance Program offered by its Optum Financial Services business unit. This program is designed to help healthcare providers who have been impacted by the outage in the payment systems of Change Healthcare.

Lessons from the Attack

The attack on Change Healthcare serves as a stark reminder of the healthcare industry's vulnerability to cyberthreats. Some key takeaways and recommendations for organizations include:

  • Business contingency plans are critical to address cyberattacks or disruptions in revenue cycle processes.
  • Securing Active Directory is crucial to limit the ability of ransomware attacks to spread across a network.
  • Investing in ransomware protection is a requirement, given the persistent threat of ransomware.

As the healthcare sector continues to grapple with this crisis, it becomes increasingly clear that a robust and proactive cybersecurity strategy is no longer an option but a necessity in today’s digital age.