On this photo illustration the UnitedHealth Group logo displayed on a smartphone screen.
Sheldon Cooper | Sopa Images | Lightrocket | Getty Images
UnitedHealth Group has paid out a further $1 billion to providers which have been impacted by the Change Healthcare cyberattack since last week, bringing the whole amount of funds advanced to greater than $3.3 billion, the corporate said on Wednesday.
UnitedHealth, which owns Change Healthcare, discovered in February that a cyber threat actor had breached a part of the unit’s information technology network. Change Healthcare processes greater than 15 billion billing transactions annually, and 1 in every 3 patient records passes through its systems, according to its website.
The corporate disconnected the affected systems “immediately upon detection” of the threat, according to a filing with the Securities and Exchange Commission. The interruptions left many health-care providers temporarily unable to fill prescriptions or get reimbursed for his or her services by insurers.
Many health-care providers depend on reimbursement money flow to operate, so the fallout has been substantial. Smaller and mid-sized practices told CNBC they were making tough decisions about how to stay afloat. A survey published by the American Hospital Association earlier this month found that 94% of hospitals have experienced financial disruptions from the attack.
In consequence, UnitedHealth introduced its temporary funding assistance program to help providers in need of support. The corporate said the $3.3 billion in advances is not going to need to be repaid until claims flows return to normal. Federal agencies just like the Centers for Medicare & Medicaid Services have introduced additional options to be certain that states and other stakeholders could make interim payments to providers, according to a release.
UnitedHealth has been working to restore Change Healthcare’s systems in recent weeks, and it expects some disruptions will proceed into April, according to its website. The corporate began processing a backlog of greater than $14 billion in claims on Friday, and on Wednesday said, “claims have begun to flow.”
Shares of UnitedHealth have fallen greater than 6% since the attack was disclosed.
Late last month, the corporate said the ransomware group Blackcat is behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December release from the U.S. Department of Justice.
The Department of State on Wednesday announced it’s offering a reward of up to $10 million for information that would help discover or locate cyber actors linked to Blackcat.
UnitedHealth said Wednesday that it’s “still determining the content of the information that was taken by the threat actor.” The corporate said a “leading vendor” is analyzing the affected data. United Health is working closely with law enforcement and third parties like Palo Alto Networks and Google’s Mandiant to assess the attack.
“We proceed to be vigilant, and to date haven’t seen evidence of any data having been published on the net,” UnitedHealth said. “And we’re committed to providing appropriate support to people whose data is found to have been compromised.”
Rep. Jamie Raskin, D-Md., rating member of the House Committee on Oversight and Accountability, wrote a letter to UnitedHealth CEO Andrew Witty on Monday requesting information in regards to the “scope and extent” of the breach.
Raskin asked Witty for details about when Change Healthcare notified its clients in regards to the breach, what specific infrastructure and knowledge was targeted and what cybersecurity procedures the corporate has in place. The committee requested written responses “no later” than April 8.
“Given your organization’s dominant position within the nation’s health care and medical health insurance industry, Change Healthcare’s prolonged outage in consequence of the cyberattack has already had ‘significant and far-reaching’ consequences,” Raskin wrote.
The Biden administration also launched an investigation into UnitedHealth earlier this month due to the “unprecedented magnitude of the cyberattack,” according to a press release.