Zepbound Savings Card May Not Work

In a recent cyberattack, UnitedHealth Group Inc., the largest health insurer in the United States, has experienced a nationwide outage of a computer network used for transmitting data between healthcare providers and insurance companies. The attack targeted a subsidiary of UnitedHealth, Change Healthcare, and has rendered some pharmacies unable to process prescriptions. This will also affect things like the Zepbound Savings Card.

The cyberattack, which occurred on February 21, was initiated by a suspected nation-state associated cyber threat actor. As a result, UnitedHealth took immediate action to disconnect Change Healthcare’s systems from other parties. The company stated that the incident only impacted Change Healthcare, and all other systems remain operational.

Change Healthcare is a crucial intermediary in the US health insurance market, with its services playing a vital role in facilitating smooth transactions within the industry. The cyberattack highlights the vulnerability of back-end IT software and service providers, which often go unnoticed but are essential for the normal functioning of various sectors, including healthcare, finance, and government services.

UnitedHealth is actively collaborating with law enforcement agencies and security experts to address the issue. However, the company has not provided a timeline for service restoration. It also states that it is yet to determine the potential impact on its financial results.

In response to the cyber threat, Change Healthcare promptly disconnected its systems to prevent further damage and protect its partners and patients. The incident serves as a reminder of the ongoing battle against cyber threats faced by organizations across industries. The disconnect has affected the use of the Zepbound Savings Card among other coupons.

This attack follows a pattern of recent cyberattacks where hackers have targeted providers of back-end IT software and services. The consequences of these attacks can be far-reaching, causing widespread disruptions to customer bases. Last month, a ransomware attack on Tietoevry Oyj, a Finnish information technology company, disrupted services for government agencies, hospitals, retailers, cinemas, and other customers throughout Sweden. In another instance, EquiLend, a financial technology firm in New York, experienced a ransomware attack that temporarily halted some of its services, requiring manual inputting of transactions by trading desks at major banks.

As cyber threats continue to evolve, organizations must remain vigilant and invest in robust security measures to safeguard their systems and protect sensitive information. The healthcare industry, in particular, must prioritize cybersecurity to ensure the uninterrupted delivery of vital services and maintain the trust of patients and partners. The recent cyberattack on UnitedHealth has caused widespread disruptions and raised concerns about the security of healthcare systems. While the full extent of the attack is yet to be known, some impacted organizations have shared information about the situation.

One such organization, BlueCross BlueShield of Montana, acknowledged the systems issues caused by the attack. In a statement posted on their website, they informed patients that certain pharmacies were unable to confirm insurance coverage, potentially leading to delays in filling or refilling medications. To mitigate the inconvenience, they suggested alternative options such as paying out-of-pocket and seeking reimbursement or trying another pharmacy.

To understand the magnitude of this attack, it is important to recognize the size and significance of Change Healthcare, the largest prescription processor in North America. Public filings reveal that the company operates the largest medical electronic data interchange (EDI) clearinghouse in the country. This network serves as a vital link between insurance companies, healthcare providers, and other entities involved in the payment process.

Change Healthcare’s operations are extensive, with a customer base that includes the majority of US payers and providers. The company boasts connections to approximately 2,200 government and commercial payers, 900,000 physicians, 118,000 dentists, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories. Its EDI clearinghouse plays a crucial role, facilitating the flow of over 50% of US medical claims.

The significance of Change Healthcare’s role in the healthcare system was highlighted in a lawsuit filed by the US Department of Justice opposing its acquisition by UnitedHealth. The lawsuit argued that the acquisition would grant UnitedHealth access to rival insurers’ proprietary data, given Change Healthcare’s position as a linchpin in the US healthcare system. However, the Justice Department’s antitrust challenge was unsuccessful, and the acquisition was finalized in October 2022.

In response to the cyberattack, the American Hospital Association, an organization that opposed the acquisition, issued an alert to its member hospitals and healthcare providers. They advised disconnecting their systems from Change Healthcare, which is now part of UnitedHealth’s Optum information technology division.

The UnitedHealth cyberattack serves as a stark reminder of the vulnerabilities within the healthcare industry and the importance of robust cybersecurity measures. It underscores the need for organizations to remain vigilant and proactive in safeguarding sensitive patient data. As the healthcare landscape continues to evolve, ensuring the security and integrity of healthcare systems will remain a critical priority. The cybersecurity incident involving Optum, a major provider of mission-critical services in the healthcare sector, has raised concerns about potential disruptions and cascading effects on revenue cycles, healthcare technologies, and clinical authorizations. In response, experts are recommending that healthcare organizations consider disconnecting from Optum until it is deemed safe to reconnect.

John Riggi, a former FBI cyber official and national adviser for cybersecurity and risk at a hospital group, highlighted the significance of the interruption caused by this incident. Riggi noted that the concentration of services provided by Optum could have far-reaching consequences for the healthcare sector. He emphasized the need for caution and suggested that all healthcare organizations should consider disconnecting from Optum until the situation is resolved.

Meanwhile, the two largest pharmacy chains in the US, CVS and Walgreens Boots Alliance, have reported limited disruptions. This makes processing the Zepbound Savings Card almost impossible. CVS stated that it is still able to fill prescriptions, although there may be challenges in processing insurance claims. The company assured patients that its business continuity plan is in place to ensure continued access to prescriptions. Similarly, Walgreens Boots Alliance confirmed that the majority of prescriptions it fills have not been impacted. For the small percentage that may be affected, the company has implemented procedures to minimize delays and interruptions in prescription processing.

These developments highlight the importance of cybersecurity in the healthcare industry. As the sector becomes increasingly reliant on technology, it is crucial for organizations to remain vigilant and take proactive measures to protect patient data and critical services. The Optum incident serves as a reminder for healthcare organizations to assess their own cybersecurity measures and consider potential risks and contingencies.

Moving forward, it is essential for healthcare organizations to prioritize cybersecurity and invest in robust systems and protocols. Collaboration among industry stakeholders, government agencies, and cybersecurity experts is crucial for developing comprehensive strategies to prevent and mitigate cyber threats. By staying informed, implementing best practices, and fostering a culture of cybersecurity, the healthcare sector can better protect patient safety, privacy, and the integrity of critical services.

So if you use the Zepbound Savings Card or the one for Mounjaro it may not work until all of this gets sorted out.