UnitedHealth Group's Change Healthcare reported a cybersecurity incident Feb. 21 that disrupted connectivity and healthcare operations nationwide, but Fitch Ratings and Moody's are not expecting the event to affect UnitedHealth's ratings.
"The extent of the access gained through intrusion at Change Healthcare is currently uncertain, but the company has reported that it isolated the affected systems from the broader [UnitedHealth] systems immediately upon detection of the threat," Fitch said in a Feb. 26 news release shared with Becker's. "The company also reported that it is working with leading cybersecurity experts to gain more information on the threat and to minimize its impact."
Fitch said it will continue to monitor the extent of "related financial, operational and/or reputational effects of the incident," but does not expect UnitedHealth's capital position or financial performance to be materially affected.
Moody's said in a Feb. 27 release shared with Becker's that "while definitive conclusion on the effects of this incident would be premature, there are several reasons that the threat should be contained." Those reasons include the immediate disconnection of Change Healthcare's systems from all contact points and UnitedHealth working with leading cybersecurity firms and the FBI.
"At this point, management is confident that Optum, UnitedHealthcare and UnitedHealth Group have not been affected by this issue," Moody's said in the release. "Nevertheless, the ransomware attack poses risks, including heightened regulatory scrutiny. Since the attack, Change Healthcare's systems have been down and customers have to process transactions offline, although most are now using alternative digital options. The longer the systems remain down, the more reputational and legal risks may ensue."