



The fallout from a ransomware attack on the nation's largest health care payment processor is the most serious incident of its kind against a U.S. health care organization, the CEO of American Hospital said Thursday evening Association, Rick Pollack.

The attack crippled Change Healthcare, a company that offers health care providers a widely used program to manage customer payments and insurance claims. The company took most of its systems offline to prevent the attack from spreading, a common countermeasure.

Nine days after the attack on Change Healthcare, a healthcare technology company that is part of Optum and owned by UnitedHealth Group, began, the effects continue to be felt across the healthcare system, a Pollack said in a press release. The American Hospital Association is the nation's largest health care industry group.

This outage was devastating for small and mid-sized healthcare providers. Doctors told CNBC that the outage prevented them from filling prescriptions electronically and prevented insurers from reimbursing providers.

Later Friday, Change said it had developed a new workaround for its e-prescription service that is immediately available to all customers.

Change claims to process 15 billion healthcare transactions each year and is involved in a third of all U.S. patient records.

In an emailed statement, a spokesperson for Change Healthcare's parent company, UnitedHealth Group, said thousands of pharmacies use offline fulfillment solutions. More than 90% of the more than 70,000 U.S. pharmacies that use payment processor Change Healthcares use other ways to process payments, the spokesperson said.

UnitedHealth Group announced on its website that it discovered the attack on February 21 and that cybercriminals deployed a type of ransomware called Alphv.

Alphv is created by Russian-speaking cybercriminals, but it is not clear who installed it on Change Healthcares systems. The same ransomware was used in the devastating attack on MGM hotels in Las Vegas last year, although experts and a person familiar with the matter said it was installed by a small group of young, English-speaking hackers .

A coalition of U.S. and European law enforcement announced an operation to disrupt the Alpv in December, although it appears to have recovered somewhat.

Change Healthcare is working with U.S. law enforcement and has retained two major cybersecurity companies, Mandiant and Google-owned Palo Alto, to work on recovery, a spokesperson said in a statement.

The FBI, the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency are all providing assistance, an FBI spokesperson said in an email Friday afternoon.

