UnitedHealth paid over $2 billion to providers after cyber attack

UnitedHealth Group said Monday that more than 2 billion dollars to help healthcare providers who were affected by the cyber attack against subsidiary Change Healthcare.

“We continue to make significant progress in restoring services affected by this cyberattack,” UnitedHealth CEO Andrew Whitty said in press release. “We know this is a huge challenge for healthcare providers and we encourage anyone in need to contact us.”

UnitedHealth disclosed nearly a month ago that a cyber threat actor had breached a portion of Change Healthcare’s information technology network. The fallout wreaked havoc on the US health care system. Change Healthcare offers e-prescribing software and payment management tools, so the outages left many providers temporarily unable to deliver drugs or receive reimbursement for their services from insurers.

UnitedHealth said Monday it has begun rolling out medical claims preparation software that will be available to thousands of customers in the next few days. The company called it “an important step to resume services.”

On Friday, UnitedHealth said it had restored Change Healthcare’s electronic payment platform after restarting 99 percent of the pharmacy network’s services earlier this month. It also introduced a temporary funding assistance program to help health care providers experiencing cash flow problems due to the attack.

UnitedHealth said the advances will not have to be paid until claim flows return to normal. Federal agencies such as the Centers for Medicare and Medicaid Services have enter additional options to ensure that states and other stakeholders can make interim payments to suppliers, according to a release.

That’s the finding of a study published by the American Hospital Association on Friday 94% of hospitals have suffered financial disruption from the Change Healthcare attack. More than 60% of the 1,000 hospitals surveyed estimated revenue at around $1 million per day. Responses were collected between March 9 and 12.

“We continue to call on Congress and the administration to take additional action now to support providers as they deal with the significant fallout from this historic attack,” AHA ​​Executive Director Rick Pollack said in the release.

The Biden administration announced Wednesday that it had opened an investigation into the company because of the “unprecedented scale of the cyber attack.”

The U.S. Department of Health and Human Services’ Office for Civil Rights is conducting the investigation. OCR enforces the Health Insurance Portability and Accountability Act’s security, privacy, and breach notification rules that most health plans, providers, and clearinghouses are required to follow to protect health information.

UnitedHealth did not disclose what data was compromised in the attack or whether it cooperated with the cyber threat actor to restore systems. The company said it is working closely with law enforcement and third parties such as Google Cloud’s Palo Alto Networks and Mandiant to assess the breach.