Health News

UnitedHealth Group paid providers more than $3 billion following cyberattack

In this photo illustration the UnitedHealth Group logo seen displayed on a smartphone screen.

Sheldon Cooper | Sopa Images | Light flare | Getty Images

UnitedHealth Group has paid an additional $1 billion to providers affected by the Change Healthcare cyberattack since last week, bringing the total amount of funds advanced to more than $3.3 billion, the company announced Wednesday.

UnitedHealth, owner of Change Healthcare, discovered in February that a cybercriminal had breached part of the unit’s computer network. Change Healthcare processes more than 15 billion billing transactions annually, and one in three patient records passes through its systems, according to its website.

The company disconnected affected systems “immediately upon detection” of the threat, according to an SEC filing. The disruptions have left many health care providers unable to temporarily fill prescriptions or get reimbursed for their services by insurers.

Many healthcare providers rely on cash flow from reimbursements to operate, so the impact has been far-reaching. Small and mid-sized practices told CNBC they are making difficult decisions about how to stay afloat. A survey released by the American Hospital Association earlier this month found that 94% of hospitals experienced financial disruption as a result of the attack.

As a result, UnitedHealth introduced its Temporary Financial Assistance Program to help providers in need of support. The company said the $3.3 billion in advances would not need to be repaid until claims flows return to normal. Federal agencies such as the Centers for Medicare & Medicaid Services have introduced additional options to ensure states and other stakeholders can make interim payments to providers, according to a release.

UnitedHealth has been working to restore Change Healthcare’s systems in recent weeks and expects some disruptions to continue through April, according to its website. The company began processing a claims backlog of more than $14 billion on Friday and said Wednesday that “claims have started to flood in.”

Shares of UnitedHealth have fallen more than 6% since the attack was revealed.

Late last month, the company said the Blackcat ransomware group was behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to release it unless a ransom is paid, according to a December statement from the U.S. Department of Justice.

The State Department announced Wednesday that it would offer a reward of up to $10 million for information that could help identify or locate cyber actors linked to Blackcat.

UnitedHealth said Wednesday that it “is still determining the content of the data that was harvested by the threat actor.” The company said a “leading vendor” was analyzing the affected data. United Health is working closely with law enforcement and third parties like Palo Alto Networks and Google’s Mandiant to assess the attack.

“We remain vigilant and, to date, we have not seen any evidence of data being published on the web,” UnitedHealth said. “And we are committed to providing appropriate assistance to those whose data has been compromised.”

Rep. Jamie Raskin, D-Md., ranking member of the House Committee on Oversight and Accountability, wrote a letter Monday to UnitedHealth CEO Andrew Witty requesting information on the “scope and extent” of the violation.

Raskin asked Witty for information on when Change Healthcare notified its customers of the breach, what specific infrastructure and information was targeted, and what cybersecurity procedures the company had in place. The committee requested written responses “no later than” April 8.

“Given your company’s dominant position in the nation’s healthcare and health insurance industry, Change Healthcare’s extended outage following the cyberattack has already had ‘significant and far-reaching’ consequences” , Raskin wrote.

The Biden administration also launched an investigation into UnitedHealth earlier this month due to the “unprecedented scale of the cyberattack,” according to a statement.

WATCH: UnitedHealth unit begins processing $14 billion medical claims backlog

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button