UnitedHealth is working to restore Change Healthcare systems by mid-March, the company says

UnitedHealth Group in Thursday said expects to restore Change Healthcare’s systems by mid-March, offering a potential solution to the ransomware attack that disrupted critical operations in the US healthcare system.

The company discovered that a cyber threat actor breached part of Change Healthcare’s information technology network on February 21, according to submission with the Securities and Exchange Commission.

UnitedHealth isolated and shut down affected systems “immediately upon discovery” of the threat, the filing said, but it disrupted pharmacy services, payment platforms and medical claims processes.

UnitedHealth said in release on Thursday that e-prescribing is “now fully functional” and payment transmission and claims submission are currently available. The company said it expects electronic payment functionality to be restored by March 15 and will begin testing connectivity to its claims network and software on March 18.

There is “no indication” that other UnitedHealth systems were compromised in the attack, the company said in a statement.

“We are committed to providing relief to the people affected by this malicious attack on the US healthcare system,” UnitedHealth CEO Andrew Whitty said in the release.

On Friday, UnitedHealth announced a temporary funding assistance program to help health care providers experiencing cash flow problems as a result of the attack. The company said on Thursday that it is providing “additional funding solutions” for suppliers, which will mean “advancing funds every week”.

UnitedHealth said it recognizes that the program does not meet the needs of every provider, so it is expanding the program to include those “who have exhausted all available linkage options and who work with a payer that has chosen not to advance funds to providers during the period when health care change systems remain inactive,” the release said.

UnitedHealth said the advances will not have to be paid until claim flows return to normal.

In late February, Change Healthcare said the Blackcat ransomware group was behind the cyber security attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to Release in December from the US Department of Justice.

Ransomware attacks can be particularly dangerous in the healthcare sector, as they can cause immediate harm to patient safety when life-saving systems go dark. UnitedHealth did not specify in the announcement what data was compromised in the attack or confirm whether the company paid a ransom to bring its systems back online.