UnitedHealth Group has paid out an extra $1 billion to providers affected by the Change Healthcare assault since last week, bringing the total amount advanced to more than $3.3 billion, the firm announced on Wednesday.
UnitedHealth, which owns Change Healthcare, found in February that a cyber threat actor had accessed a portion of the company’s information technology network. According to its website, Change Healthcare conducts over 15 billion billing transactions each year, and one out of every three patient records passes through its systems.
The corporation disconnected the vulnerable systems “immediately upon detection” of the danger, according to a Securities and Exchange Commission filing. The outages left many health-care providers momentarily unable to fill prescriptions or receive reimbursement for their Insurers provide several services.
Many health-care providers rely on reimbursement cash flow to function, therefore the consequences have been significant. Smaller and mid-sized practices told CNBC that they were facing difficult decisions about how to stay alive. According to a poll conducted by the American Hospital Association earlier this month, 94% of hospitals have faced financial interruptions as a result of the attack.
As a result, UnitedHealth implemented a temporary funding assistance program to assist providers in need. The business stated that the $3.3 billion in advances will not have to be repaid until claims flows return to normal. According to a press release, federal agencies such as the Centers for Medicare and Medicaid Services have proposed new methods to ensure that states and other stakeholders can make interim payments to providers.
UnitedHealth has been attempting to restore Change Healthcare’s systems in recent weeks, and it anticipates that some interruptions will persist throughout April, according to its website. On Friday, the business began processing a backlog of over $14 billion in claims, and on Wednesday, it said that “claims have begun to flow.”
Since the attack was announced, UnitedHealth’s stock has declined by more than 6%.
Late last month, the business stated that the ransomware gang Blackcat was responsible for the attack. Blackcat, also known as Noberus and ALPHV, takes sensitive material from organizations and threatens to expose it unless a ransom is paid, according to a December press release from the US Department of Justice.
The Department of State said on Wednesday that it will offer a reward of up to $10 million for information that will help identify or locate cyber criminals associated to Blackcat.
UnitedHealth stated on Wednesday that it is “still determining the content of the data that was taken by the threat actor.” According to the corporation, a “leading vendor” is analyzing the compromised data. United Health is collaborating with law enforcement and third parties such as Palo Alto Networks and Google’s Mandiant to assess the assault.
“We continue to be vigilant, and to date have not seen evidence of any data having been published on the web,” the company added. “And we are committed to providing appropriate support to people whose data is found to have been compromised.”
Rep. Jamie Raskin, D-Maryland, ranking member of the House Committee on Oversight and Accountability, issued a letter to UnitedHealth CEO Andrew Witty on Monday asking details regarding the “scope and extent”of the breach.
Raskin pressed Witty for details on when Change Healthcare alerted its clients about the intrusion, what specific infrastructure and information was compromised, and what cybersecurity protocols the company has in place. The committee asked written comments “no later” than April 8.
“Given your company’s dominant position in the nation’s health care and health insurance industry, Change Healthcare’s prolonged outage as a result of the cyberattack has already had ‘significant and far-reaching’ consequences,” Raskin said in a statement.
The Biden administration also began a probe into UnitedHealth earlier this month, citing the “unprecedented magnitude of the cyberattack,” according to a statement.
UnitedHealth Group has paid more than $3 billion to providers following cyberattack
