Recent Cyberattack on Change Healthcare

Change Healthcare has confirmed through its parent company, UnitedHealth Group, that it was the target of a recent cyberattack. UnitedHealthcare, which is NRECA’s vendor for the NRECA Medical Plan, is the health benefits division of UnitedHealth Group.

The cyberattack, which has affected several Change Healthcare systems and caused delays in receiving and processing claims by retail pharmacies across the country, was detected on February 21, 2024. UnitedHealth Group has indicated that steps were taken to disconnect Change Healthcare systems after identifying the attack, and, as of the date of this article, Change Healthcare was reporting its systems would remain offline until the impacted environment could be restored. 

Impact to NRECA
The nature and scope of this incident as well as the impact to NRECA plan participants is unknown as neither Change Healthcare nor UnitedHealth Group have released any further information about this incident. 

NRECA does not have any service connections directly to Change Healthcare, but the following NRECA plan providers do conduct transactions or have connections to Change Healthcare systems:  United Medical Resources (UMR), CVS Caremark and Teladoc.  

NRECA has confirmed that these providers are currently disconnected from Change Healthcare’s systems. NRECA is closely monitoring NRECA systems that connect with UMR, CVS Caremark and Teladoc.  

What steps NRECA has taken
NRECA is in close communication with these plan service providers and will continue to monitor this situation closely and provide additional information as it becomes available.