UnitedHealth Group Inc. is headquartered in Minnetonka, Minnesota, USA
Mike Bradley | Bloomberg | Getty Images
UnitedHealth Group said Monday that it more than paid off 2 billion dollars to assist healthcare providers affected by the cyber attack on its subsidiary Change Healthcare.
“We continue to make significant progress in restoring services affected by this cyberattack,” UnitedHealth CEO Andrew Witty said in a statement Press release. “We know this is a tremendous challenge for healthcare providers, and we encourage anyone who needs help to reach out to us.”
UnitedHealth announced nearly a month ago that a cyber threat actor breached part of Change Healthcare’s information technology network. The consequences have wreaked havoc throughout the US healthcare system. Change Healthcare offers e-prescription software and payment management tools, so the disruptions left many providers temporarily unable to dispense medications or get their services reimbursed by insurers.
UnitedHealth, which provides care 152 million people, announced Monday that it has begun releasing medical claims preparation software that will be available to thousands of customers in the next few days. The company called it “an important step toward resuming services.”
On Friday, UnitedHealth said it had restored Change Healthcare’s electronic payment platform after restarting 99% of its pharmacy network services earlier this month. A temporary financial assistance program was also introduced to help healthcare providers experiencing cash flow difficulties as a result of the attack.
UnitedHealth said the advances do not have to be repaid until claims flows return to normal. Federal agencies such as the Centers for Medicare & Medicaid Services have done so additional options introduced to ensure states and other stakeholders can make interim payments to providers, a news release said.
This was the result of a survey published on Friday by the American Hospital Association 94% of hospitals have experienced financial disruption due to the Change Healthcare attack. More than 60% of the 1,000 hospitals surveyed estimated the decline in revenue at about $1 million per day. Responses were collected between March 9th and 12th.
“We continue to call on Congress and the administration to take additional action now to help providers address the significant consequences of this historic attack,” AHA CEO Rick Pollack said in the release.
The Biden administration announced Wednesday that it had opened an investigation into the company due to the “unprecedented scale of the cyberattack.”
The U.S. Department of Health and Human Services Office for Civil Rights is conducting the investigation. The OCR enforces the Health Insurance Portability and Accountability Act’s security, privacy, and notification rules, which most health plans, providers, and clearinghouses must follow to protect health information.
UnitedHealth has not disclosed what type of data was compromised in the attack or whether it worked with the cyber threat actor to restore systems. The company said it worked closely with law enforcement and third parties such as Palo Alto Networks and Google Cloud’s Mandiant to assess the breach.
