Military Pharmacies Return to Full Operation Following Breach by Transnational Hacking Group

medication for a prescription at Naval Hospital Jacksonville Main Pharmacy.
Hospital Corpsman Jackson Pirozzi pulls medication for a prescription at Naval Hospital Jacksonville Main Pharmacy. (Deidre Smith/U.S. Navy)

Military pharmacies have returned to full operations following a crippling cyberattack in February on the company that provides the Defense Health Agency's prescription processing program.

A Defense Health Agency spokesman said Tuesday that normal operations were restored April 2 between military pharmacies and Change Healthcare, one of the country's largest commercial prescription processors.

"A cyberattack on Change Healthcare ... was detected on Feb. 21, 2024. [Change Healthcare] severed all connectivity to DoD pharmacy systems on Feb. 22, 2024. As of April 2, 2024, normal operations have been restored for pharmacies at military clinics and hospitals," DHA spokesman Peter Graves said in an email to

Read Next: Army Expanding Pre-Basic Training Prep Courses to Bring in More Soldiers and Curb Recruiting Crisis

The restoration was first reported by Military Times.

Retail pharmacies across the country, including those aboard military installations, started experiencing disruptions due to the cyberattack Feb. 21 on Change Healthcare. As a result of the breach, military pharmacies were forced to fill prescriptions manually, with priority given to urgent prescriptions.

With the recovery, patients will be able to "access pharmacy services as usual," Graves said.

He added that beneficiaries don't need to take any action unless they used a Tricare network pharmacy and had to pay for their prescriptions during the outage. In that case, they may be able to file a claim for reimbursement.

UnitedHealth Group, owner of Change Healthcare, initially said in a filing with the Securities and Exchange Commission that it suspected a nation-state as being behind the attack. On Feb. 29, Change Healthcare said the "cybercrime threat actor" known as BlackCat/ALPHV was responsible for the breach.

The State Department has offered a reward of up to $10 million for more information or identification of individuals with a leadership position in BlackCat/ALPHV and its ransomware operations.

Shortly after the attack, officials with the Defense Health Agency said that military hospitals and clinics would continue to provide pharmacy services "based on local manning and resources" and urged patience as the issue was resolved.

Change Healthcare halted its connectivity with the military health system as well as Express Scripts, the Tricare health program's pharmacy benefits manager, to protect patients' personal data, defense officials said.

After the breach, Change Healthcare has become the target of at least two dozen class-action lawsuits that allege that the company's security was inadequate. The suits have been filed by patients over concerns of data theft, as well as by providers who said they weren't paid while the system was offline.

Tricare beneficiaries who filled prescriptions at a retail pharmacy and were required to pay full price for their medications as a result of the cybercrime are encouraged to learn more at or call Express Scripts at 877-363-1303, Graves said.

Related: In Reversal, Defense Department Now Wants to Bring Tricare Beneficiaries Back to Military Health System

Story Continues