Summary

Material Cybersecurity Incident

On February 21, 2024, UnitedHealth Group (UHG) identified a cybersecurity breach involving a nation-state associated threat actor targeting the Change Healthcare platform, a subsidiary under Optum. The breach led to the unauthorized access of various systems, prompting immediate isolation of the impacted systems to protect partners and patients. The investigation and remediation efforts are ongoing, with the involvement of leading security experts and law enforcement.

Impact and Response

  • Affected Systems: The incident primarily affected Change Healthcare’s IT systems. As of now, there is no indication that other UHG, Optum, or UnitedHealthcare systems were impacted.
  • Service Disruptions: The breach has caused significant disruptions to various networks and transactional services, particularly affecting electronic payments and pharmacy network services.
  • Mitigation Efforts: UHG has restored key services, including the electronic payments platform and most pharmacy network services. Financial assistance totaling over $2 billion has been advanced to support affected healthcare providers.
  • Security Measures: UHG is working closely with cybersecurity firms Mandiant and Palo Alto Networks to address the incident and secure the systems.

Future Outlook

UHG believes that the incident is not likely to have a material impact on its financial condition or results of operations. However, the company remains vigilant about potential risks, including litigation and regulatory scrutiny, as it continues to address and mitigate the impacts of the cyberattack.

For further information and updates, UHG provides a status portal and regular communications to stakeholders. The company is also conducting educational webinars to assist providers and customers in reconnecting to its networks.

For more details, you can view the full filing on the SEC website here.