UnitedHealth Says a “New Instance” of Change Healthcare Is Up and Running

UnitedHealth Group says it has launched a “new instance” of Change Healthcare, the digital prescription service it deactivated last week after a ransomware attack.

The legacy “option” of Change Healthcare remains down, according to a company spokesperson.

At 3:03 Eastern Standard Time today, the company posted a status update that said, “We have completed standing up a new instance of Change Health’s Rx ePrescribing service.”

The update, posted on an Optum website where previous status updates have been posted, says the service was enabled at 1 p.m. Central Time (2 p.m. Eastern Standard Time) and was tested with “vendors and multiple retail pharmacy partners for the impacted transaction types.”

A company spokesperson did not respond to questions from Managed Healthcare Executive seeking further explanation and clarification of this afternoon's status updates.

UnitedHealth also launched a new website today to posts news about the Change Healthcare cyberattack and subsequent disconnection. .

The outage has disrupted pharmacy claims processing at pharmacies, hospitals and other prescribing locations throughout the U.S. Other companies that process claims say they have stepped in and taken over some of the processing that Change Healthcare doe

Yesterday, UnitedHealth confirmed that a group representing itself as ALPHV/Blackcat had launched the cyberattack, which began on Feb. 21. Reuters reported on Feb. 26 that the Blackcat group was behind the attack. Blackcat is well-known to cybersecurity experts.

The federal Cybersecurity & Infrastructure Security Agency (CISA) issued an updated warning about ALPHV Blackcat on Feb. 27 that says that the group had updated its ransomware so it can encrypt both Windows and Linux devices and VMWare instances.

Related: UnitedHealth Group Unplugs Change Healthcare Information Systems To Contain Cyberattack

In December, the Department of Justice issued a news release that said it had disrupted ALPHV/Black Cat and that FBI had developed a decryption tool that had saved dozens of victims ransom demands totaling approximately $68 million.

The news release says that Blackcat uses a ransomware-as-a-service model. It develops the ransomware while “affiliates” are responsible for identifying and attacking high-value victims. When the target pays the ransom, the developer and the affiliates split the proceeds, the news release says.

A joint advisory from CISA, the Justice Department and the Department of Health and Human Services says that since mid-December, Blackcat has targeted the healthcare sector.

“This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure," says that advisory.

UnitedHealth's numerous status update have said the attack has not affected other information systems at the company, which includes UnitedHealthcare, the health insurer, and Optum Rx, the pharmacy benefit manager.

UnitedHealth bought Change Healthcare in 2022 for a reported $13 billion, and it is situated in the UnitedHealth’s Optum division.Although the Change Health offers a variety of data processing and analytics services, in this context its main function is processing pharmacy claims.