Breach taxonomy
Summary
On February 21, 2024, UnitedHealth Group identified that a suspected nation-state associated threat actor had gained access to the IT systems of Change Healthcare, the largest healthcare payment clearinghouse in the United States, which processes approximately one-third of all US medical claims. The company immediately isolated the impacted systems from other connecting systems to contain the incident, causing widespread disruption to pharmacy transactions and healthcare payment processing across the country. The company engaged leading security experts and worked with law enforcement; all other UnitedHealth systems were stated to be operational at the time of filing.
Tagging rationale
Threat: Nation State
Initial 8-K filing states a suspected nation-state associated cyber security threat actor had gained access — explicit attribution at time of filing.
Methods: System Outage
Filing describes a network interruption requiring system isolation; no specific attack method is identified in this initial disclosure (later confirmed as ransomware).
Assets: Revenue Process, Third Party Process
Change Healthcare processes billing and claims for a significant portion of US healthcare; the disruption affected both company revenue processes and downstream third-party healthcare provider payment operations.
Effects: Biz Interruption
Filing states systems were proactively isolated causing networks and transactional services to be inaccessible, resulting in major business interruption to Change Healthcare's payment processing operations.
Business continuity: Partial
Filing states systems were isolated and the company was working to restore operations but could not estimate the duration or extent of the disruption → Partial.
Impact
Change Healthcare is critical US healthcare payment infrastructure processing ~1/3 of all medical claims; complete system isolation caused nationwide disruption to pharmacies and hospitals with recovery timeline unknown at filing.
Insurance: Not disclosed
Filing makes no mention of insurance.
Original SEC filing excerpt
Item 1.05. Material Cybersecurity Incidents. On February 21, 2024, UnitedHealth Group identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident. The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time. The Company has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies. At this time, the Company believes the network interruption is specific to Change Healthcare systems, and all other systems across the Company are operational. During the disruption, certain networks and transactional services may not be accessible.