According to UnitedHealth’s filing with the U.S. Securities and Exchange Commission on Thursday, the attack on Change Healthcare is believed to be linked to a “suspected nation-state-associated” actor. The company swiftly took action upon detection, isolating and disconnecting the affected systems, although specifics regarding the attack’s nature remain undisclosed.

Change Healthcare is grappling with an extended outage, now stretching into its fourth consecutive day, following the revelation from its parent company, UnitedHealth Group, regarding a suspected cybersecurity intrusion. The breach, disclosed on Wednesday, marks a concerning development for UnitedHealth, the largest healthcare company in the U.S. by market capitalization, which oversees Optum, a major healthcare provider, and Change Healthcare, a pivotal player in payment and revenue cycle management solutions following their merger in 2022.


As of Saturday afternoon, Change Healthcare anticipates the disruption persisting throughout the day, emphasizing a cautious approach to system restoration without compromising security. While UnitedHealth has assured that Optum, UnitedHealthcare, and its own systems remain unaffected, the impact extends beyond internal operations. CVS Health, for instance, has reported operational challenges, such as delays in insurance claim processing, though it asserts its own systems remain uncompromised.

Amidst the ongoing situation, the American Hospital Association has advised healthcare entities to sever connections with Optum until the environment is deemed secure, indicating collaboration with relevant authorities to address the incident.