Federal government opens investigation into cyberattack on UnitedHealth Group

The attack disrupted pharmacies, clinics and hospitals nationwide.

March 13, 2024 at 8:39PM
The Department of Health and Human Services has opened up an investigation into a cyberattack on UnitedHealth Group three weeks ago. (Jim Mone/The Associated Press)

The U.S. Department of Health and Human Services has opened an investigation into the cyberattack at UnitedHealth Group that disrupted pharmacy refills and insurance claims processing at clinics and hospitals across the country.

The investigation, announced on Wednesday, is the first government probe into the Feb. 21 cyberattack that has jolted the U.S. health system. The attack was on UnitedHealth’s Change Healthcare unit, which processes about 50% of medical claims in the country.

“Given the unprecedented magnitude of this cyberattack and in the best interest of patients and health care providers,” the HHS Office for Civil Rights is initiating an investigation into the incident, the health department said.

The Office for Civil Rights is responsible for administering and enforcing the rules for the health care sector under the Health Insurance Portability and Accountability Act (HIPAA), a federal law that protects sensitive patient health information.

The probe will focus on identifying the extent of the possible breach, and compliance by UnitedHealth and the unit with the federal law, the HHS said.

Minnetonka-based UnitedHealth said it would cooperate with the investigation.

“Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted,” it said.

The full extent of the data breach remains unknown, and UnitedHealth has said it was still investigating.

UnitedHealth CEO Andrew Witty met with government officials and provider representatives at the White House on Tuesday.

UnitedHealth said late last week it is making progress in solving the issues caused by the cyberattack. It also announced improvements to its financial relief program for cash-strapped health care providers, a program hospitals had criticized. Clinics and hospitals have been struggling to submit claims, raising concerns over a cash crunch that could make it difficult to make payroll and cover supply costs without bridge financing.

Electronic prescribing for pharmacies is now fully functional with claim submission and payment transmission also available, the company said.

An electronic payment system should be available for connection beginning March 15, it said.

UnitedHealth has blamed the hack on BlackCat, a notorious ransomware group that has a history of disruptive attacks.

In a message posted to and then quickly deleted from their darknet site, the hackers said on Feb. 21 that they stole millions of sensitive records, including medical insurance and health data, from the company.

Star Tribune staff writer Christopher Snowbeck contributed to this story.
