A cyberattack on America’s biggest health insurer has left pharmacies unable to fill prescriptions across the country.
UnitedHealth said tens of thousands of pharmacies were impacted by the hack it suspects was a state-sponsored attack.
The hack began on Wednesday, preventing several pharmacies from processing prescriptions to insurance companies.
It is unclear how many patients are affected but UnitedHealth serves about 7.7 million customers nationwide.
The incident coincided with a nationwide cell outage at AT&T Thursday, which left more than 70,000 customers without cell service.
A cyberattack on a unit of UnitedHealth has made pharmacies nationwide unable to get prescriptions to patients
CVS Health said that the hack meant that, ‘in certain cases,’ it was unable to process insurance claims. Pharmacies like Walgreens and Publix
There is no evidence that the two events are related, but the FBI and Homeland Security is investigating the latter.
UnitedHealth said Thursday that its Change Healthcare unit, which processes prescriptions to pharmacies across the country, was compromised by a ‘suspected nation-state associated cyber security threat actor.’
Several prescription providers announced that they were impacted by the hack.
CVS Health, which has more than 9,000 pharmacies, said that the hack meant that, ‘in certain cases’ it was unable to process insurance claims.
‘We’re committed to ensuring access to care as we navigate through this interruption,’ the company’s statement said. A spokesman for the chain did not immediately provide further details.
Walgreens, which serves nine million customers, said a ‘small percentage’ of its prescriptions ‘may be affected,’ but that the company had safeguards in place to process and fill them ‘with minimal delay or interruption.’
The company said it had no additional information to share about the incident.
Publix Super Markets didn’t immediately respond to a request for comment, but on social media some users complained of issues when trying to fill their prescriptions.
‘This is a nationwide disruption,’ Publix said in a response to one user on X, formerly known as Twitter.
Other companies including GoodRX and BlueCross BlueShield of Montana also flagged potential disruptions on social media.
The number of cyberattacks on healthcare providers has more than doubled since 2016 – with 91 per year in 2021 compared to 43 five years ago
Up to 80 percent of hacks led to disruptions to operations – which lasted weeks
‘We apologize for any outages you have been experiencing while at the pharmacy,’ GoodRx wrote on X.
‘Unfortunately, the issue is an external one impacting both GoodRx and a multitude of providers.’
‘Our team is aware of the issue and working to ensure it is resolved. We appreciate your patience!’
Naval Hospital Camp Pendleton, a military health system in California, wrote on X: ‘Due to an ongoing enterprise-wide issue, all Camp Pendleton and associated pharmacies are unable to process any prescription claims.’
‘We are only able to assist patients with emergency and urgent prescriptions from hospital providers at this time.’
The hospital’s website states that ‘Naval Hospital Camp Pendleton and associated pharmacies will provide outpatient prescriptions through a manual procedure until this issue is resolved.’
‘Priority will be given to urgent prescriptions followed by routine prescriptions as manning and resources allow.’
Independent pharmacies also reported issues.
‘Please be patient with us and all of the pharmacies affected by this,’ Dayton Drug and Wellness, a community pharmacy in Dayton, Tennessee, wrote on its Facebook page.
‘There have been/will be delays until this resolves,’ Skippack Pharmacy in Skippack, Pennsylvania said in another message posted to Facebook. ‘Pharmacies around the country are affected.’
This is far from the first time a health system has been the target of a cyber attack.
In 2022, an attack was carried out against CommonSpirit Health, a system that runs 140 hospitals and 1,000 care sites across 21 states.
This resulted in dangerous consequences for patients, including a three-year-old boy in Iowa who was accidentally given a megadose of opioids when the computer system dictating dosing was shot down.
And in August, hospital computer systems operated by Prospect Medical Holdings were compromised, wreaking havoc in hospitals across five states.
In 2022, an analysis from researchers from the University of Minnesota in Minneapolis looked at 374 ransomware attacks across the US between January 2016 and December 2021.
Results showed that the frequency of the hacks more than doubled in that time — from 43 breaches in 2016 to 91 in 2021.
Almost half (44 percent) of ransomware attacks disrupted the delivery of health care, with one in 10 leading to canceled appointments or operations and four percent causing ambulance diversions.
In total, the medical records of 41.9million Americans were accessed in that time, but hackers became much more adept at obtaining patient information.