UnitedHealth Group reported on Monday that it has disbursed over $2 billion to assist healthcare providers affected by the cyberattack on its subsidiary, Change Healthcare.
UnitedHealth CEO Andrew Witty said they’re doing well fixing the issues from the cyberattack. He knows it’s been hard for healthcare workers. They’re telling anyone who needs help to get in touch with them.
Nearly a month ago, UnitedHealth disclosed that a cyber threat actor had breached part of Change Healthcare’s IT network, disrupting the U.S. healthcare system. Change Healthcare offers e-prescription software and payment management tools, leaving many providers temporarily unable to fill medications or receive reimbursements.
On Monday, UnitedHealth announced the release of medical claims preparation software, which will be accessible to thousands of customers in the coming days, marking “an important step in the resumption of services.”
Earlier this month, UnitedHealth restored 99% of its pharmacy network services and reinstated Change Healthcare’s electronic payments platform. They also started a short-term program to help healthcare providers who were having money problems because of the attack.
Repayments for the assistance provided by UnitedHealth will be deferred until claims flows return to normal. Federal agencies, including the Centers for Medicare & Medicaid Services, have introduced additional options to facilitate interim payments to providers amidst the crisis.
A survey by the American Hospital Association revealed that 94% of hospitals experienced financial disruptions from the cyberattack, with over 60% estimating revenue losses of approximately $1 million per day.
AHA CEO Rick Pollack urged Congress and the Administration to take swift action to support providers grappling with the fallout from the attack.
The Biden administration announced on Wednesday that it has initiated an investigation into the cyberattack’s unprecedented magnitude. The U.S. Department of Health and Human Services’ Office for Civil Rights is leading the inquiry, enforcing security, privacy, and breach notification rules outlined in the Health Insurance Portability and Accountability Act.
UnitedHealth has not disclosed the extent of the compromised data or whether it collaborated with the cyber threat actor to restore systems. The company stated it has been collaborating closely with law enforcement and third-party entities such as Palo Alto Networks and Google Cloud’s Mandiant to assess the breach.