UnitedHealth still handling Change Healthcare fallout

UnitedHealth Group is still being described in market commentary as managing the aftereffects of the Change Healthcare cyberattack more than two years after the breach was disclosed. A May 24, 2026 note from ad-hoc-news said the company remained under scrutiny for the lingering impact of the 2024 incident on claims operations and broader business performance. The disruption began on February 21, 2024, when UnitedHealth disclosed in an SEC filing that a suspected nation-state-linked threat actor had gained access to some Change Healthcare information technology systems. The company said it isolated affected systems immediately and could not then estimate the duration or extent of the disruption. That matters because Change Healthcare was not a peripheral software vendor. (ad-hoc-news.de) It handled claims and payment infrastructure used across the U.S. health system, making the outage a bottleneck for providers, pharmacies and payers that depended on those connections. UnitedHealth said on March 7, 2024 that the attack had hit Change Healthcare’s claims and payment infrastructure and created challenges for pharmacy, medical claims and payment systems. (sec.gov) ### Why would the effects still show up in 2026? The May 24, 2026 market note did not present new company disclosures, but it pointed back to a problem UnitedHealth itself had already described in filings and earnings materials: restoring service was not the same as instantly normalizing workflows. The note said the company was still dealing with the cyberattack’s lingering effects alongside Medicare Advantage cost pressures. (sec.gov) UnitedHealth’s own 2024 reporting showed the attack had operational and financial consequences well beyond the initial outage window. In first-quarter 2024 results released April 16, 2024, the company said earnings reflected $0.74 per share of impacts from the cyberattack, including $0.49 per share tied to direct response efforts such as clearinghouse platform restoration and higher medical care spending after some care-management activities were suspended to help providers with workflow processes. (ad-hoc-news.de) Those disclosures point to the mechanics behind the “lingering fallout” language: once a central clearing node fails, claims do not simply pause in one place. They have to be rerouted, entered through alternate channels, reconciled later and checked for downstream errors. UnitedHealth said in March 2024 that it was urging clients to use workarounds, “in particular” a new iEDI claim submission system, while it reestablished connectivity to its claims network. (unitedhealthgroup.com) ### What did UnitedHealth say it had to do during the outage? March 7, 2024 was the first detailed roadmap UnitedHealth gave for restoring key services. The company said electronic payment functionality would begin reconnecting on March 15 and that medical claims connectivity testing would begin March 18, with restoration through that week. (sec.gov) April 16, 2024 brought the clearest measure of how much support UnitedHealth said it had to extend to the system. The company said it had provided more than $6 billion in advance funding and interest-free loans to care providers affected by the disruption. April 22, 2024 added another layer to the response, with UnitedHealth saying it was updating people who may have been affected by the data review while also reporting progress in restoring Change Healthcare services. (sec.gov) That meant the company was handling both transaction recovery and the separate burden of breach notification and support. (unitedhealthgroup.com) ### Is UnitedHealth still publicly tying current results to the cyberattack? July 29, 2025 showed the company was still referencing the incident in year-over-year comparisons. In second-quarter 2025 results, UnitedHealth said its operating cost ratio reflected, among other factors, “reduced impacts” from the prior year’s Change Healthcare cyberattack. (unitedhealthgroup.com) April 21, 2026 earnings materials no longer foregrounded Change Healthcare in the way 2024 filings did, instead emphasizing modernization, interoperability, artificial intelligence and cybersecurity investments. That shift suggests the company has moved from acute outage response to broader remediation and system hardening, though the May 2026 market note indicates investors are still being reminded of the original disruption. (sec.gov) ### Where would the next concrete update appear? UnitedHealth’s next verifiable disclosures are most likely to come through its earnings releases, SEC filings and investor materials rather than through standalone cyber updates. The company’s newsroom and financial reports pages continue to post quarterly results and related remarks, including the April 21, 2026 first-quarter release. (unitedhealthgroup.com 1) (unitedhealthgroup.com 2)