In this photo illustration, the UnitedHealth Group logo is displayed on a smartphone screen.
Sheldon Cooper | Sopa pictures | Light rocket | Getty Images
UnitedHealth Group has paid out an additional $1 billion since last week to providers affected by the Change Healthcare cyberattack, bringing the total amount of funds provided to more than $3.3 billion, the company said Wednesday.
UnitedHealth, which owns Change Healthcare, discovered in February that a cyber threat actor had penetrated part of the unit's IT network. According to its website, Change Healthcare processes more than 15 billion billing transactions annually and one in three patient records passes through its systems.
According to a filing with the Securities and Exchange Commission, the company shut down the affected systems “immediately upon discovery” of the threat. Due to the disruptions, many healthcare providers were temporarily unable to fill prescriptions or receive reimbursement from insurers for their services.
Because many healthcare providers rely on reimbursement cash flow to operate, the impact has been significant. Smaller and mid-sized practices told CNBC they are making difficult decisions about how to stay afloat. A survey released earlier this month by the American Hospital Association found that 94% of hospitals suffered financial disruption as a result of the attack.
That's why UnitedHealth launched its Temporary Financial Assistance Program to help providers who need support. The company said the $3.3 billion in advances would not have to be repaid until claims flows returned to normal. According to a press release, federal agencies such as the Centers for Medicare & Medicaid Services have introduced additional options to ensure states and other stakeholders can make interim payments to providers.
UnitedHealth has been working to restore Change Healthcare's systems in recent weeks and expects some disruptions to continue into April, according to its website. The company began processing a backlog of more than $14 billion in claims on Friday and said Wednesday: “The number of claims has begun.”
Shares of UnitedHealth have fallen more than 6% since the attack was reported.
Late last month, the company announced that the Blackcat ransomware group was behind the attack. According to a December press release from the U.S. Department of Justice, Blackcat, also known as Noberus and ALPHV, steals sensitive data from institutions and threatens to release it unless a ransom is paid.
The State Department announced Wednesday that it is offering a reward of up to $10 million for information that could help identify or locate cyber actors linked to Blackcat.
UnitedHealth said Wednesday that it is “still determining the content of the data collected by the threat actor.” The company said a “leading provider” was analyzing the affected data. United Health is working closely with law enforcement and third parties such as Palo Alto Networks and Google's Mandiant to assess the attack.
“We continue to remain vigilant and have not seen any evidence of data being published online,” UnitedHealth said. “And we are committed to providing appropriate support to people whose data has been compromised.”
Rep. Jamie Raskin, D-Md., ranking member of the House Oversight and Accountability Committee, wrote a letter Monday to UnitedHealth CEO Andrew Witty requesting information about the “scope and extent” of the breach.
Raskin asked Witty for information about when Change Healthcare notified its customers of the breach, what specific infrastructure and information was affected, and what cybersecurity procedures the company has implemented. The committee requested written answers “no later than” April 8.
“Given your company's dominant position in the nation's healthcare and health insurance industry, Change Healthcare's extended outage as a result of the cyberattack has already had 'significant and far-reaching' consequences,” Raskin wrote.
The Biden administration also launched an investigation into UnitedHealth earlier this month due to the “unprecedented scale of the cyberattack,” according to a statement.
Don't miss these stories from CNBC PRO:
Comments are closed.