PHOENIX — A cyber attack on Change Healthcare’s technology systems is impacting the ability of some patients to fill prescriptions at local pharmacies.

UnitedHealth Group, which acquired Change Healthcare in October 2022, filed a report to the U.S. Securities and Exchange Commission on Wednesday providing details of the incident.

“UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident,” the group said in the report.

The report went on to say that certain networks and transactions would not be accessible.

Pharmacies like CVS and Walgreens have reported delays in getting prescriptions to customers as a result.

The Naval Hospital Camp Pendleton also reported disruptions, saying outpatient prescriptions were being processed manually until the issue is resolved.

Where to find updates

Updates to the event have been posted on a health-tech service business website that is part of the UnitedHealth Group umbrella called Optum.

“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online,” Optum said in a recent update.

The issue was first cited by the Cybersecurity & Infrastructure Security Agency (CISA) as CVE-2024-1709 on Thursday.

CISA described the critical vulnerability and exposure (CVE) as, “an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices.”

No timetable has been set for when operations will return back to normal.

Follow @GrandpaKeebs