UnitedHealth Group Provides $3.3 Billion in Cyberattack Relief to Impacted Providers

UnitedHealth Group has announced that it has provided an additional $1 billion in support to healthcare providers affected by the recent Change Healthcare cyberattack. This brings the total amount of funds advanced to over $3.3 billion. The company, which owns Change Healthcare, reported the update on Wednesday.

In February, UnitedHealth discovered that a cyber threat actor had breached part of Change Healthcare's information technology network. Change Healthcare processes more than 15 billion billing transactions annually, with one in every three patient records passing through its systems, according to its website. The company took immediate action, disconnecting the affected systems upon detection of the threat.

Impact on Healthcare Providers

The cyberattack's interruptions have left many healthcare providers temporarily unable to fill prescriptions or receive reimbursement for their services from insurers. A survey by the American Hospital Association revealed that 94% of hospitals have experienced financial disruptions as a result of the attack. This has led to significant challenges for smaller and mid-sized practices, forcing them to make tough decisions to sustain their operations.

Financial Support Program

Recognizing the critical need for support, UnitedHealth introduced a temporary funding assistance program to aid affected providers. The $3.3 billion in advances will not require repayment until claims flows return to normal. In addition, federal agencies such as the Centers for Medicare & Medicaid Services have implemented measures to enable interim payments to providers.

Restoration Efforts

UnitedHealth has been actively working to restore Change Healthcare's systems, with ongoing efforts expected to continue into April. The company has begun processing a backlog of more than $14 billion in claims, and reports indicate that "claims have begun to flow."

Last month, UnitedHealth disclosed that the ransomware group Blackcat was responsible for the attack. In response, the Department of State has offered a reward of up to $10 million for information that could aid in identifying or locating cyber actors linked to Blackcat. UnitedHealth is collaborating with law enforcement and third-party entities like Palo Alto Networks and Google's Mandiant to thoroughly assess the attack.

The company is currently in the process of determining the content of the data that was taken by the threat actor and is working with a leading vendor to analyze the impacted data. UnitedHealth emphasized its commitment to providing appropriate support to individuals whose data may have been compromised, reassuring that no evidence of data being published on the web has been found to date.

Congressional Inquiries and Government Investigation

Rep. Jamie Raskin, D-Md., ranking member of the House Committee on Oversight and Accountability, has written to UnitedHealth CEO Andrew Witty requesting information about the breach's scope and extent. The Biden administration has also launched an investigation into UnitedHealth, recognizing the unprecedented magnitude of the cyberattack.

Overall, the cybersecurity breach has underscored the critical need for robust cybersecurity measures and prompt responses to safeguard sensitive data and ensure the continuity of essential healthcare services.