CBS News
Hacking at UnitedHealth unit cripples a swath of the U.S. health system: What to know
Early in the morning of Feb. 21, Change Healthcare, a company unknown to most Americans that plays a huge role in the U.S. health system, issued a brief statement saying some of its applications were “currently unavailable.”
By the afternoon, the company described the situation as a “cybersecurity” problem.
Since then, it has rapidly blossomed into a crisis.
The company, recently purchased by insurance giant UnitedHealth Group, reportedly suffered a cyberattack. The impact is wide and expected to grow. Change Healthcare’s business is maintaining health care’s pipelines — payments, requests for insurers to authorize care, and much more. Those pipes handle a big load: Change says on its website, “Our cloud-based network supports 14 billion clinical, financial, and operational transactions annually.”
Initial media reports have focused on the impact on pharmacies, but techies say that’s understating the issue. The American Hospital Association says many of its members aren’t getting paid and that doctors can’t check whether patients have coverage for care.
But even that’s just a slice of the emergency: CommonWell, an institution that helps health providers share medical records, information critical to care, also relies on Change technology. The system contained records on 208 million individuals as of July 2023. Courtney Baker, CommonWell marketing manager, said the network “has been disabled out of an abundance of caution.”
“It’s small ripple pools that will get bigger and bigger over time, if it doesn’t get solved,” Saad Chaudhry, chief digital and information officer at Luminis Health, a hospital system in Maryland, told KFF Health News.
Here’s what to know about the hack.
Who did it?
Media reports are fingering ALPHV, a notorious ransomware group also known as Blackcat, which has become the target of numerous law enforcement agencies worldwide. While UnitedHealth Group has said it is a “suspected nation-state associated” attack, some outside analysts dispute the linkage. The gang has previously been blamed for hacking casino companies MGM and Caesars, among many other targets.
The Department of Justice alleged in December, before the Change hack, that the group’s victims had already paid it hundreds of millions of dollars in ransoms.
Is this a new problem?
Absolutely not. A study published in JAMA Health Forum in December 2022 found that the annual number of ransomware attacks against hospitals and other providers doubled from 2016 to 2021.
“It’s more of the same, man,” said Aaron Miri, the chief digital and information officer at Baptist Health in Jacksonville, Florida.
Because the assaults disable the target’s computer systems, providers have to shift to paper, slowing them down and making them vulnerable to missing information.
Further, a study published in May 2023 in JAMA Network Open examining the effects of an attack on a health system found that waiting times, median length of stay, and incidents of patients leaving against medical advice all increased — at neighboring emergency departments. The results, the authors wrote, mean cyberattacks “should be considered a regional disaster.”
Attacks have devastated rural hospitals, Miri said. And wherever health care providers are hit, patient safety issues follow.
What does it mean for patients?
Year after year, more Americans’ health data is breached. That exposes people to identity theft and medical error.
Care can also suffer. For example, a 2017 attack, dubbed “NotPetya,” forced a rural West Virginia hospital to reboot its operations and hit pharma company Merck so hard it wasn’t able to fulfill production targets for an HPV vaccine.
Because of the Change Healthcare attack, some patients may be routed to new pharmacies less affected by billing problems. Patients’ bills may also be delayed, industry executives said. At some point, many patients are likely to receive notices their data was breached. Depending on the exact data that has been pilfered, those patients may be at risk for identity theft, Chaudhry said. Companies often offer free credit monitoring services in those situations.
“Patients are dying because of this,” Miri said. Indeed, an October preprint from researchers at the University of Minnesota found a nearly 21% increase in mortality for patients in a ransomware-stricken hospital.
How Did It Happen?
The Health Information Sharing and Analysis Center, an industry coordinating group that disseminates intel on attacks, has told its members that flaws in an application called ConnectWise ScreenConnect are to blame. Exact details couldn’t be confirmed.
It’s a tool tech support teams use to remotely troubleshoot computer problems, and the attack is “apparently fairly trivial to execute,” H-ISAC warned members. The group said it expects additional victims and advised its members to update their technology. When the attack first hit, the AHA recommended its members disconnect from systems both at Change and its corporate parent, UnitedHealth’s Optum unit. That would affect services ranging from claims approvals to reference tools.
Millions of Americans see physicians and other practitioners employed by UnitedHealth and are covered by the company’s insurance plans.
UnitedHealth has said only Change’s systems are affected and that it’s safe for hospitals to use other digital services provided by UnitedHealth and Optum, which include claims filing and processing systems.
But not many chief information officers “are jumping to reconnect,” Chaudhry said. “It’s an uneasy feeling.”
Miri says Baptist is using the conglomerate’s technology and that he trusts UnitedHealth’s word that it’s safe.
Where’s the Federal Government?
Neither executive was sanguine about the future of cybersecurity in health care. “It’s going to get worse,” Chaudhry said.
“It’s a shame the feds aren’t helping more,” Miri said. “You’d think if our nuclear infrastructure were under attack the feds would respond with more gusto.”
While the departments of Justice and State have targeted the ALPHV group, the government has stayed behind the scenes more in the aftermath of this attack. Chaudhry said the FBI and the Department of Health and Human Services have been attending calls organized by the AHA to brief members about the situation.
Miri said rural hospitals in particular could use more funding for security and that agencies like the Food and Drug Administration should have mandatory standards for cybersecurity.
There’s some recognition among officials that improvements need to be made.
“This latest attack is just more evidence that the status quo isn’t working and we have to take steps to shore up cybersecurity in the health industry,” said Sen. Mark Warner (D-Va.), the chair of the Senate Select Committee on Intelligence and a longtime advocate for stronger cybersecurity, in a statement to KFF Health News.
KFF Health News (formerly known as Kaiser Health News, or KHN) is a national newsroom that produces in-depth journalism about health issues. Together with Policy Analysis and Polling, KHN is one of the three major operating programs at KFF (Kaiser Family Foundation). KFF is an endowed nonprofit organization providing information on health issues to the nation.
CBS News
Floods, landslides struck parts of Bosnia as residents slept, leaving at least 16 dead and several missing
A severe rainstorm struck Bosnia overnight Friday, killing at least 16 people in floods and landslides in several towns and villages in central and southern parts of the country, with surging waters rushing into people’s homes as they were sleeping.
Rescue services in the south said several people were missing and called on volunteers and the army to assist as roads were closed and houses left without electricity.
Josip Kalem, a resident of Fojnica, one of the towns hit by the floods, said his dog’s barking woke him up at around 4 a.m. When he came out on the terrace, he saw the water rising rapidly.
“I came down, woke up my wife, and we looked around, we could not get out of the house. We saw more and more water coming in,” he said. “All of a sudden, the water was flooding the garage, basement, my car — everything. The water swept it all away, including my dog. Flood took it downstream.”
Andja Milesic, another resident of Fojnica, also said she was caught by surprise in the middle of the night.
“When I woke up, my bedroom floor was already soaked. I walked into the hallway — water was everywhere — the living room, everywhere,” she said. “It was horrible.”
Armin Durgut / AP
Darko Juka, a spokesman for the local administration, said at least 14 people had died in and around the southern town of Jablanica. Officials later said two more bodies have been found.
“Those are the ones who have been discovered by rescuers,” he said. “We still don’t know the final death toll.”
“I don’t remember such a crisis since the war,” Juka said referring to the 1992-95 war in Bosnia that left the country in ruins. “The scale of this chaotic situation is harrowing.”
Defense Minister Zukan Helez told N1 regional television that troops have been engaged to help and that the casualties were reported.
Helez said that “hour after hour we are receiving news about new victims. … Our first priority is to save the people who are alive and buried in houses where the landslides are.”
A pregnant woman lost her baby after she was rescued from the floods and transferred to a hospital in the regional center of Mostar. Authorities said doctors were fighting for her life as well. Separately, a child was successfully rescued and hospitalized, local officials said.
Rescue services in the towns of Jablanica and Kiseljak said the power was off overnight and mobile phones lost their signal.
The Jablanica fire station said that the town was completely inaccessible because roads and trainlines were closed.
“The police informed us that the railroad is also blocked,” the state rescue service said in a statement. “You can’t get in or out of Jablanica at the moment. Landline phones are working, but mobile phones have no signal.”
It urged people not to venture out on the flooded streets.
Human-caused climate change increases the intensity of rainfall because warm air holds more moisture. This summer, the Balkans were also hit by long-lasting record temperatures, causing a drought. Scientists said the dried-out land has hampered the absorption of floodwaters.
Armin Durgut / AP
Drone footage broadcast on Bosnian media showed villages and towns completely submerged under water, while videos on social networks showed dramatic scenes of muddy torrents and damaged roads.
One of the busiest roads linking Sarajevo with the Adriatic coast via Jablanica was swept into a river, together with a railway line in a huge landslide, according to photos.
“Many people are endangered because of big waters and landslides. There is information about victims and many injured and missing persons,” said the civic protection service.
Authorities urged people to stay on the upper floors of their homes. Reports said surging waters swept away domestic animals and cars as the water swiftly filled up lower floors of buildings.
The heavy rains and strong winds were also reported in neighboring Croatia, where several roads were closed and the capital of Zagreb prepared for the swollen Sava River to burst its banks.
Heavy winds have hampered traffic along the southern coast of the Adriatic Sea, and flash floods caused by heavy rain threatened several towns and villages in Croatia.
Floods caused by torrential rains were also reported in Montenegro, south of Bosnia, where some villages were cut off and roads and homes flooded.
In 2014, floodwaters triggered more than 3,000 landslides across the Balkans, laying waste to entire towns and villages and disturbing land mines leftover from the region’s 1990s war, along with warning signs that marked the unexploded weapons.
Watch CBS News
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.
Watch CBS News
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.
