For nearly a week, prescription drug orders have been disrupted at thousands of pharmacies as the largest health insurer in the United States tries to fully restore services following a cyberattack.

The security breach was first detected last Wednesday at Change Healthcare, a division of UnitedHealth Group, and two senior federal law enforcement officials told the New York Times that the hackers appear to be from another country.

In a filing with the U.S. Securities and Exchange Commission, UnitedHealth Group said it had been forced to disconnect some of Change Healthcare’s vast digital network from its clients, and it hasn’t yet been able to restore all of those services.

Change Healthcare handles roughly 15 billion transactions a year, representing nearly one in three U.S. patient records, the Times reported.

This latest cyberattack underscores the vulnerability of health care data, particularly the privacy of patients’ personal information.

Change Healthcare helps pharmacies verify a patient’s insurance coverage for their prescriptions, and some reports indicate that some people have been forced to pay for their prescriptions in cash, the Times reported.

Shortly after UnitedHealth discovered the security breach, the company shut down several services, including those allowing pharmacies to quickly check what a patient owes for a medication, the Times reported

While national drug store chains like Walgreens report limited effects, smaller pharmacies tell a different story.

“For the last week, it has been hit or miss about whether we can take care of patients,” said Dared Price, who operates seven pharmacies in Kansas. While patients can pay cash if the medication is inexpensive, he noted that some of his customers can’t get more costly treatments for flu or COVID because their insurance status couldn’t be confirmed.

“It’s a debacle,” Price said.

Meanwhile, Tricare, which covers the U.S. military, said its pharmacies in the United States and abroad now have to fill prescriptions manually, delaying the dispensing of critical medications.

On Tuesday, the company reiterated that the affected services would likely be unavailable for at least another day.

“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online,” Change Healthcare said in a statement. “We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.”

UnitedHealth, whose sprawling businesses touch all areas of health care, was likely a particularly tempting target for hackers, experts said.

“If you’re going to go after stealing records, you want to go after the biggest pot of records you can get,” Fred Langston, chief product officer for the cybersecurity firm Critical Insight, told the Times. “You’re literally hitting the jackpot.”

But UnitedHealth is not alone in its vulnerability: The industry has seen an increasing number of cyberattacks, Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told the Times.

According to federal officials, large breaches of health care data have nearly doubled from 2018 to 2022.

More information

Visit for more on health information security.

SOURCE: U.S. Securities and Exchange Commission, filing, Feb. 21, 2024; New York Times