UnitedHealth Group paid more than $2 billion to providers after attack


UnitedHealth Group Inc. is headquartered in Minnetonka, Minnesota, USA.

Mike Bradley | Bloomberg | fake images

UnitedHealth Group said Monday that it has paid more than $2 billion to help health care providers who have been affected by the cyberattack on its Change Healthcare subsidiary.

“We continue to make significant progress in restoring services impacted by this cyberattack,” UnitedHealth CEO Andrew Witty said in a news release. “We know this has been a huge challenge for healthcare providers and we encourage anyone in need to contact us.”

UnitedHealth revealed nearly a month ago that a cyber threat actor breached part of Change Healthcare's information technology network. The consequences have wreaked havoc on the entire US healthcare system. Change Healthcare offers electronic prescription software and payment management tools, so the disruptions left many providers temporarily unable to fill medications or receive reimbursement for their services from insurers.

UnitedHealth said Monday it began rolling out medical claims preparation software, which will be available to thousands of customers in the coming days. The company called it “an important step in the resumption of services.”

On Friday, UnitedHealth said it restored Change Healthcare's electronic payments platform, after restarting 99% of its pharmacy network services earlier this month. It also introduced a temporary financial assistance program to help healthcare providers experiencing cash flow problems due to the attack.

UnitedHealth said the advances will not need to be refunded until the flow of applications returns to normal. According to a statement, federal agencies such as the Centers for Medicare and Medicaid Services have introduced additional options to ensure that states and other stakeholders can make interim payments to providers.

A survey released by the American Hospital Association on Friday found that 94% of hospitals have experienced financial disruption due to the Change Healthcare attack. More than 60% of the 1,000 hospitals surveyed said the impact on their revenue has been around $1 million a day. Responses were collected between March 9 and 12.

“We continue to call on Congress and the Administration to take additional steps now to support providers as they face the significant consequences of this historic attack,” AHA ​​CEO Rick Pollack said in the statement.

The Biden administration announced Wednesday that it launched an investigation into the company due to the “unprecedented magnitude of the cyberattack.”

The U.S. Department of Health and Human Services' Office for Civil Rights is conducting the investigation. OCR enforces the security, privacy, and breach notification rules of the Health Insurance Portability and Accountability Act, which most health plans, providers, and clearinghouses must follow to protect health information.

UnitedHealth has not disclosed what type of data was compromised in the attack or whether it cooperated with the cyber threat actor to restore systems. The company said it has been working closely with authorities and third parties such as Palo Alto Networks and Google Cloud's Mandiant to evaluate the breach.

LOOK: Dr. Scott Gottlieb on the UnitedHealth hack

scroll to top