---
schema_version: "secwatch.filing_event.v1"
accession: "0000731766-24-000045"
form_type: "8-K"
ticker: "UNH"
cik: "0000731766"
company_name: "UNITEDHEALTH GROUP INC"
filed_at: "2024-02-22T23:59:59+00:00"
generated_at: "2026-06-05T21:19:16.445472+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.7
calibrated_materiality_score: 0.7
confidence: "high"
source: SEC EDGAR
---

# UnitedHealth reports cyber breach at Change Healthcare by suspected nation-state actor

## Summary
- Suspected nation-state threat actor gained access to Change Healthcare IT systems on Feb 21, 2024.
- Company isolated impacted systems; working with law enforcement and leading security experts.
- Network interruption specific to Change Healthcare; all other company systems operational.
- Cannot estimate duration or extent of disruption; updates at status.changehealthcare.com.
- As of filing, company has not determined incident is reasonably likely to materially impact financials.

## SEC filing metadata
- accession: 0000731766-24-000045
- form_type: 8-K
- ticker: UNH
- cik: 0000731766
- company_name: UNITEDHEALTH GROUP INC
- filed_at: 2024-02-22T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.7
- calibrated_materiality_score: 0.7
- confidence: high
- sec_items: 1.05
- EDGAR index: https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/0000731766-24-000045-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/unh-20240221.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0000731766-24-000045
- JSON: https://secwatch.observer/filing/0000731766-24-000045.json
- Plain text: https://secwatch.observer/filing/0000731766-24-000045.txt

## Key facts
- Cybersecurity Incidents
  UNITEDHEALTH GROUP INC disclosed a cybersecurity incident: a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Impact: the Company proactively isolated the impacted systems from other connecting systems; working to restore systems but cannot estimate the duration or extent of the disruption; certain networks and transactional services may not be accessible. Company determined it not material. Discovered 2024-02-21.
  - Nature: a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems
  - Impact: the Company proactively isolated the impacted systems from other connecting systems; working to restore systems but cannot estimate the duration or extent of the disruption; certain networks and transactional services may not be accessible
  - Materiality: not material
  - Discovery: 2024-02-21
  source text: As of the date of this report, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
  evidence_url: https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/0000731766-24-000045-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.