UnitedHealth Group paid more than $3 billion to providers since cyberattack

UnitedHealth Group has paid an additional $1 billion to providers who have been affected by the Change Healthcare cyberattack since last week, bringing the total amount of funds advanced to more than $3.3 billion, the company said Wednesday.

UnitedHealth, which owns Change Healthcare, discovered in February that a cyber threat actor had breached part of the unit's information technology network. Change Healthcare processes more than 15 billion billing transactions annually and 1 in 3 patient records pass through its systems, according to its website.

The company took the affected systems offline “immediately upon detecting” the threat, according to a filing with the Securities and Exchange Commission. The disruptions left many health care providers temporarily unable to fill prescriptions or obtain reimbursement for their services from insurers.

Many healthcare providers rely on reimbursement cash flow to operate, so the consequences have been substantial. Smaller and midsize practices told CNBC they were making difficult decisions about how to stay afloat. A survey released by the American Hospital Association earlier this month found that 94% of hospitals have experienced financial disruption due to the attack.

As a result, UnitedHealth introduced its temporary financial assistance program to help providers in need of support. The company said the $3.3 billion in advances will not need to be repaid until claims flows return to normal. According to a statement, federal agencies such as the Centers for Medicare and Medicaid Services have introduced additional options to ensure that states and other stakeholders can make interim payments to providers.

UnitedHealth has been working to restore Change Healthcare's systems in recent weeks and expects some outages to continue into April, according to its website. The company began processing a backlog of more than $14 billion in claims on Friday, and on Wednesday said “claims have started flowing in.”

UnitedHealth shares have fallen more than 6% since the attack was revealed.

Late last month, the company said the Blackcat ransomware group is behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December statement from the US Department of Justice.

The State Department announced Wednesday that it will offer a reward of up to $10 million for information that could help identify or locate cyber actors linked to Blackcat.

UnitedHealth said Wednesday that it is “still determining the content of the data the threat actor took.” The company said a “leading vendor” is analyzing the affected data. United Health is working closely with authorities and third parties such as Palo Alto Networks and Google's Mandiant to evaluate the attack.

“We continue to remain vigilant and to date have seen no evidence that any data has been posted on the web,” UnitedHealth said. “And we are committed to providing appropriate support to people whose data has been compromised.”

Rep. Jamie Raskin, D-Md., ranking member of the House Oversight and Accountability Committee, wrote a letter to UnitedHealth CEO Andrew Witty on Monday, requesting information about the “scope and extent” of the rape.

Raskin asked Witty for information about when Change Healthcare notified its customers of the breach, what specific infrastructure and information was attacked, and what cybersecurity procedures the company has in place. The committee requested written responses “no later than” April 8.

“Given your company's dominant position in the national healthcare and health insurance industry, Change Healthcare's prolonged disruption as a result of the cyberattack has already had 'significant and far-reaching' consequences,” Raskin wrote.

The Biden administration also launched an investigation into UnitedHealth earlier this month due to the “unprecedented magnitude of the cyberattack,” according to a statement.