UnitedHealth Group An additional $1 billion has been paid to providers affected by the Change Healthcare cyberattack since last week, bringing the total advance payments to more than US$3.3 billionthe company said Wednesday.
UnitedHealth, which owns Change Healthcare, discovered in February that cyber threat actors had compromised part of the unit’s information technology network. According to the Change Healthcare website, more than 15 billion billing transactions are processed annually, and 1 in 3 patient records pass through its system.
The company allegedly disconnected affected systems “immediately upon detecting the threat.” a filing and the Securities and Exchange Commission. These disruptions have left many health care providers temporarily unable to fill prescriptions or receive reimbursement for services from insurance companies.
Many healthcare providers rely on reimbursement cash flow to operate, so the impact is significant. Small and medium-sized clinics told CNBC they are making difficult decisions about how to stay afloat. A survey released earlier this month by the American Hospital Association found that 94% of hospitals Suffer financial disruption as a result of the attack.
As a result, UnitedHealth has launched a temporary financial assistance program to help providers in need of support. The company said it does not need to repay the $3.3 billion upfront payment until the claims process returns to normal.Federal agencies such as the Centers for Medicare and Medicaid Services have Additional options introduced to ensure that states and other stakeholders are able to make interim payments to providers, according to a press release.
UnitedHealth, which has been working to restore Change Healthcare’s systems in recent weeks, said it expects some outages to last into April. website. The company on Friday began processing a backlog of more than $14 billion in claims and said on Wednesday that “claims have started flowing.”
UnitedHealth shares have fallen more than 6% since the attack was revealed.
Late last month, the company said ransomware group Blackcat was behind the attack. Blackcat, also known as Noberus and ALPHV, steals sensitive data from organizations and threatens to make it public unless a ransom is paid. Released in December From the U.S. Department of Justice.
The U.S. State Department announced Wednesday it would offer a reward of up to US$10 million Obtain information that may help identify or locate network participants associated with Blackcat.
UnitedHealth said Wednesday it was “still determining the contents of the data obtained by the threat actor.” The company said a “leading vendor” was analyzing the affected data. United Health is working closely with law enforcement and third parties such as Palo Alto Networks and Google’s Mandiant to evaluate this attack.
“We continue to be vigilant and to date have not seen any evidence that data was posted online,” UnitedHealth said. “We are committed to providing appropriate support to those whose data is found to have been compromised.”
Rep. Jamie Raskin, D-Md., ranking member of the House Oversight and Accountability Committee, wrote a letter On Monday, UnitedHealth Chief Executive Andrew Witty asked for information on the “scope and extent” of the breach.
Raskin asked Witty about when Change Healthcare notified its customers of the breach, what specific infrastructure and information was compromised and what cybersecurity procedures the company had in place. The committee requested written responses “no later than” April 8.
“Given your company’s dominant position in the nation’s healthcare and health insurance industries, Change Healthcare’s prolonged service disruption resulting from the cyberattack has had ‘significant and far-reaching’ consequences,” Raskin wrote.
The Biden administration also launched an investigation into UnitedHealth earlier this month due to the “unprecedented scale of the cyberattack,” a statement said.