Change Healthcare is still dealing with major outages affecting provider and pharmacy operations following a cyberattack this week.
The network disruption is expected to last through Friday at least, according to an update posted to Optum Solutions' status page. Change Healthcare, which processes 15 billion patient healthcare transactions annually, was incorporated into UnitedHealth Group's Optum brand following a merger in 2022.
Related: UnitedHealth Group's Change Healthcare hit with cyberattack
"We have a high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue," said the company in an update posted to the page Friday afternoon. "We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect."
UnitedHealth Group linked the attack to a suspected nation-state associated threat actor in a Thursday filing with the Securities and Exchange Commission. The healthcare conglomerate said it can’t gauge the duration or extent of the disruption at this time. UnitedHealth said the network interruption was isolated to its Change Healthcare information technology systems and all other company systems are functional.
The company said in the filing that it is working with security experts and law enforcement, has notified customers and government agencies and doesn't expect the incident to materially affect its financial situation.
“Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident,” UnitedHealth said in the filing.
UnitedHealth declined to offer comment or further updates beyond the status page and regulatory filing.
The company reported network disruptions early Wednesday before linking them to a cybersecurity incident that afternoon.
Several providers and pharmacies have reported ongoing effects of the disruption.
The American Hospital Association shared an advisory Thursday to help providers navigate the issue.
“We recommend that all healthcare organizations that were disrupted or are potentially exposed by this incident consider disconnection from Optum until it is independently deemed safe to reconnect to Optum,” AHA said.
The association also advised providers to prepare downtime procedures in case the issue persists for an extended period of time.
Military healthcare provider Tricare said in a Thursday news release the outage is affecting military clinics and hospitals worldwide and that it has resorted to filling prescriptions manually.
CVS Health said in a statement Friday it has continuity plans in place to limit service disruption, and there is no indication its systems have been compromised.
“We’re continuing to fill prescriptions but in certain cases we are not able to process insurance claims, which our business continuity plan is addressing to ensure patients continue to have access to their medications,” a CVS Health spokesperson wrote in an email.
Walgreens estimated a "small percentage" of its pharmacy operations could be affected by the cyberattack, and the company has enacted plans to limit prescription delays for customers, according to a statement Friday.
Pharmacies relying on Change Healthcare's technology to electronically transmit claims to insurance companies or pharmacy benefit managers are likely to have issues with any claims other than ones paid by the patient in cash, said Patrick Berryman, National Community Pharmacists Association senior vice president of special projects and relationships.
He added that pharmacies looking for workarounds to meet patient needs could also be taking on their own risks. With the system down, he said pharmacies may unknowingly fill prescriptions that require a prior approval, for which they may not be paid.