UnitedHealth Group's Change Healthcare has fallen victim to a cyberattack, marking a credit-negative event for the company, according to Moody's.
"The cyberattack against UnitedHealth Group, one of the largest U.S. commercial prescription processors, is credit negative for the company, as financial and reputational impacts may ensue," Dean Ungar, vice president and senior credit officer for Moody's Investors Service, told Becker's in an emailed statement. "Reportedly, the impact is limited to its subsidiary Change Healthcare, which is relatively small compared to the consolidated company."
Change Healthcare reported a "cybersecurity incident" on Feb. 21 that disrupted connectivity and healthcare operations nationwide.
Limited information has been disclosed regarding the specifics of the cybersecurity incident. However, a Feb. 21 filing with the Securities and Exchange Commission reveals that UnitedHealth Group detected the presence of a cyber threat actor suspected to be associated with a nation-state.
The intruder had successfully accessed certain Change IT systems, according to the filing.
The AHA has warned hospitals and health systems to disconnect from Change Healthcare systems. Danville, Pa.-based Geisinger is one of the organizations that has already done so.