UnitedHealth Group Inc. is headquartered in In Minnetonka, Minnesota, United States
Mike Bradley | Bloomberg | Getty Images
UnitedHealth Group On Monday, it said it had paid more than $2 billion to help health care providers affected by the cyberattack on its Change Healthcare subsidiary.
“We continue to make significant progress in restoring services affected by this cyberattack,” UnitedHealth CEO Andrew Witty said in a press release. “We know this has been a tremendous challenge for health care providers and we encourage anyone who needs to contact us.”
UnitedHealth revealed nearly a month ago that a cyber threat actor had compromised part of Change Healthcare's IT network. The fallout has wreaked havoc on the US health care system. Change Healthcare offers e-prescription software and tools for payment management, so the outages left many providers temporarily unable to dispense medications or get reimbursed for their services by insurance companies.
UnitedHealth, which provides care to 152 million people, said Monday it has begun rolling out its Medicare claims preparation program, which will be available to thousands of customers in the next few days. The company described it as “an important step in resuming services.”
UnitedHealth said Friday it has restored Change Healthcare's electronic payments platform, after restarting 99% of the pharmacy network's services earlier this month. It also introduced a temporary financing assistance program to help healthcare providers experiencing cash flow issues due to the attack.
UnitedHealth said the advances will not need to be repaid until claims flows return to normal. Federal agencies such as the Centers for Medicare and Medicaid Services have provided additional options to ensure states and other stakeholders can provide temporary payments to providers, according to the release.
A survey released by the American Hospital Association on Friday found that 94% of hospitals experienced financial disruption due to the Change Healthcare attack. More than 60% of the 1,000 hospitals surveyed estimated revenue at about $1 million per day. Responses were collected between March 9 and 12.
“We continue to call on Congress and the administration to take additional action now to support providers as they deal with the significant fallout from this historic attack,” Rick Pollack, CEO of the American Heart Association, said in the statement.
The Biden administration announced on Wednesday that it had begun an investigation into the company due to the “unprecedented scale of the cyber attack.”
The US Department of Health and Human Services' Office for Civil Rights is investigating. The OCR enforces the Health Insurance Portability and Accountability Act's security, privacy, and breach notification rules, which most health plans, providers, and clearinghouses are required to follow to protect health information.
UnitedHealth did not disclose what type of data was compromised in the attack, or whether it cooperated with the cyber threat actor to restore the systems. The company said it is working closely with law enforcement and third parties such as Palo Alto Networks and Google Cloud's Mandiant to evaluate the breach.