UnitedHealth Cyberattack is ‘A Mess’, Ongoing Fallout Poses Threat to Financial Health of Medical Providers

Written by Mitchell Langley

March 7, 2024

AlphV Received a $22 Million Payment After Change Healthcare Ransomware Attack, the Second Largest Ransom Payment!

Medical providers in Minnesota are describing the aftermath of the UnitedHealth Cyberattack as an “absolute mess” that poses a threat to their financial stability. Multiple lawsuits followed, causing a serious issue for UnitedHealth and Change Healthcare.

The ongoing fallout from the Change Healthcare Ransomware Attack has created a mess in the healthcare billing system, making it difficult for providers to receive timely payments and manage their finances effectively. This situation raises concerns about the financial health of these medical providers.

Lawsuits have been filed in Minnesota, alleging that the healthcare giant, UnitedHealth Group, did not take sufficient measures to prevent a cyberattack that is still causing problems for healthcare providers. The company has reported progress in addressing the issue.

Healthcare providers in Minnesota are expressing concerns about ongoing difficulties in billing health insurers due to a cyberattack last month on UnitedHealth Group subsidiary Change Healthcare. There is a delay of several weeks before submitted claims are paid.

However, hospitals and clinics fear that they may soon face a financial strain due to the billing complications. This could make it challenging for them to cover payroll and supply costs. It may take several months to resolve and rectify the situation.

UnitedHealth Group has reported that they are making significant progress in implementing workarounds and fixes to restore the payment system.

However, hospital and physician groups have emphasized that many healthcare providers continue to face significant challenges related to patient scheduling, cost estimation, and other issues. They are urging immediate financial relief to address the consequences of the UnitedHealth Cyberattack.

Multiple Federal Lawsuits Filed Against UnitedHealth

This week, additional repercussions of the cyberattack have surfaced, including federal lawsuits filed against UnitedHealth and reports suggesting that a ransom may already have been paid to the hackers.

“What we are hearing is hundreds of millions of dollars of claims are just sitting because they’ve not been able to go through this pipeline that’s been shut off,”

“So there’s a scramble to get to other pipelines.”

Dr. Rahul Koranne, chief executive of the Minnesota Hospital Association.

UnitedHealth Halted Operations of Data Clearing House Change Healthcare After the Ransomware Attack

Following the UnitedHealth Cyberattack on February 21st, the company decided to temporarily halt operations of the electronic data clearinghouse provided by Change Healthcare.

This widely used system, relied on by pharmacies, hospitals, and clinics, has processed approximately 50% of all medical claims in the United States in recent years.

In response to the financial challenges faced by healthcare providers due to the cyber attack, UnitedHealth introduced a financial assistance program last week.

However, the American Hospital Association criticized the program on Monday, deeming it insufficient. They expressed that UnitedHealth can do more to address the extensive consequences of the cyber attack.

In response to the challenges faced by healthcare providers, the federal government announced measures on Tuesday to offer assistance. However, the American Medical Association has raised concerns that these measures do not adequately address the extent of the issue.

UnitedHealth Group says its technical work is helping preserve patient access to medications.

“We continue to see pharmacy claims flowing at near-normal levels,” 

The company said in an update.

“While some pharmacies are still unable to submit claims, we are making progress toward full restoration.”

The UnitedHealth Cyberattack Caused Issues with Prescriptions That are ‘Very Serious’, Claims Lawsuits Against UnitedHealth

According to John Hoeschen, the owner of St. Paul Corner Drug, the remaining problems stemming from the cyberattack are quite severe.

Although his pharmacy mostly uses a clearinghouse other than Change Healthcare, Hoeschen is still facing difficulties in submitting claims for Medicare Part B payments. As a result, he has accumulated a backlog of claims that he hasn’t been able to process for approximately two weeks.

“If you can’t submit a claim, you can’t get paid for a claim,”
“It’s a mess — it’s an absolute mess. And I don’t know when it’s going to get resolved.”

John Hoeschen – owner of St. Paul Corner Drug Store

Lawsuits Claim That Patients Are Unable to Seek Insurance Claims

The impact on pharmacy patients is becoming evident, as highlighted by lawsuits recently filed in the U.S. District Court in Minnesota.

One of the filings involves a California resident who was informed that due to the issue caused by the cyberattack, he would have to pay the full price for his medication and then seek reimbursement through an insurance claim.

The plaintiff expressed hesitation in seeking further medical care until assurance is provided regarding the security of their information and acceptance of their insurance coverage. These lawsuits emphasize the concerns and uncertainties faced by patients as a result of the cyberattack.

Another lawsuit has been filed by a patient from California, stating that the inability to fill a prescription has exposed them to potential negative health risks. The lawsuit highlights the serious consequences that patients may face as a result of the cyberattack’s impact on the healthcare system.

“[UnitedHealth Group] is responsible for the data breach because it failed to implement reasonable security procedures and practices and failed to disclose material facts surrounding its deficient security protocols,”

Lawsuit Claims

UnitedHealth Group has not provided any comments regarding the class-action lawsuits that have been filed against them.

UnitedHealth Cyberattack Impacts Medical Practices and Claims That Will Take Even Longer for Recovery

UnitedHealth Group has acknowledged that the recovery of systems for filing medical claims may take longer compared to pharmacy systems.

The company stated that approximately 90% of these claims are being processed without interruption. However, healthcare providers in Minnesota argue that this statement does not fully reflect the extent of disruption they are experiencing.

The Minnesota Hospital Association is actively engaging with the administration of Governor Tim Walz and the state’s congressional delegation to explore the possibility of expediting payments from government programs such as Medicare and Medicaid.

This initiative aims to provide much-needed financial support to healthcare providers who are facing cash flow challenges.

Allina Health, based in Minneapolis and operating nine hospitals including Abbott Northwestern, one of the state’s largest medical centers, has implemented manual workarounds to assist patients with insurance coverage and authorizations.

However, the process of submitting claims to insurers has proven to be more challenging. Allina Health acknowledges the difficulties they are facing in this regard.

“We are experiencing a gap in our ability to bill for most of our hospital services,”

Allina Health system said in a statement.

Marti Priest, the office manager at Minnesota Voice & Speech Clinic at Hopkins Institute, reports that the system shutdown has resulted in approximately $4,000 worth of claims that their practice is still unable to submit. The ongoing disruption has caused financial difficulties for their clinic.

ALPHV/Blackcat Responsible for the UnitedHealth Cyberattack

UnitedHealth Group initially revealed that the incident was caused by a “nation-state associated cyber security threat actor” who gained access to certain IT systems at Change Healthcare. However, the company later stated that the cyberattack was carried out by a cybercrime threat actor identifying itself as ALPHV/Blackcat.

ALPHV/Blackcat is known for employing data encryption techniques to hold information hostage and demand substantial cryptocurrency payments. While a federal report in February linked Blackcat to Russian cyber criminal groups, cybersecurity expert Brett Callow does not consider them to be state-sponsored, nation-state associated, or specifically Russian.

Hackers Behind the Change Healthcare Ransomware Attack Said to Have Received a $22 Million Payment

Wired magazine reported earlier this week on signs from a Bitcoin account and a cybercriminal underground forum that suggest the alleged hackers might have received a $22 million ransom.

UnitedHealth Group would not comment, beyond saying the company is “focused on the investigation.”

The biggest cyber-ransom paid to date was about $40 million, said Callow, an analyst with the cybersecurity firm Emsisoft. Massive payments encourage the attackers and provide them with resources to scale their operations, he said.

“We know that $22 million was paid into a wallet belonging to ALPHV, and we know that someone claiming to be an affiliate of ALPHV stated that the money was paid by Change,”
“While this does not prove that Change paid, it certainly points to it.”

Callow said of the report in Wired magazine.

UnitedHealth Group has stated that, apart from the systems at Change Healthcare, its other systems, including those at the UnitedHealthcare insurance business and the Optum division for healthcare services, were not impacted by the cyberattack. This provides assurance that those specific divisions remain unaffected.

Reuters recently reported on an apparent “exit scam” by the hackers. This refers to a strategy where criminals falsely assert that their website has been disabled by law enforcement, aiming to evade making payments to their accomplices in criminal activities.

This development highlights the complex tactics employed by cybercriminals in an attempt to avoid detection and consequences.
