In this photo illustration the UnitedHealth Group logo displayed on a smartphone screen.
Sheldon Cooper | Sopa Images | Lightrocket | Getty Images
UnitedHealth Group has paid out an additional $1 billion to providers that have been impacted by the Change Healthcare cyberattack since last week, bringing the total amount of funds advanced to more than $3.3 billion, the company said on Wednesday.
UnitedHealth, which owns Change Healthcare, discovered in February that a cyber threat actor had breached part of the unit’s information technology network. Change Healthcare processes more than 15 billion billing transactions annually, and one in every three patient records passes through its systems, according to its website.
The company disconnected the affected systems “immediately upon detection” of the threat, according to a filing with the SEC. The interruptions left many health-care providers temporarily unable to fill prescriptions or get reimbursed for their services by insurers.
Many health-care providers rely on reimbursement cash flow to operate, so the fallout has been substantial. Smaller and mid-sized practices told CNBC they were making tough decisions about how to stay afloat. A survey published by the American Hospital Association earlier this month found that 94% of hospitals have experienced financial disruptions from the attack.
As a result, UnitedHealth introduced its temporary funding assistance program to help providers in need of support. The company said the $3.3 billion in advances will not need to be repaid until claims flows return to normal. Federal agencies like the Centers for Medicare & Medicaid Services have introduced additional options to ensure that states and other stakeholders can make interim payments to providers, according to a release.
UnitedHealth has been working to restore Change Healthcare’s systems in recent weeks, and it expects some disruptions will continue into April, according to its website. The company began processing a backlog of more than $14 billion in claims on Friday, and on Wednesday said, “claims have begun to flow.”
Shares of UnitedHealth have fallen more than 6% since the attack was disclosed.
Late last month, the company said the ransomware group Blackcat is behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December release from the U.S. Department of Justice.
The Department of State on Wednesday announced it’s offering a reward of up to $10 million for information that could help identify or locate cyber actors linked to Blackcat.
UnitedHealth said Wednesday that it’s “still determining the content of the data that was taken by the threat actor.” The company said a “leading vendor” is analyzing the impacted data. United Health is working closely with law enforcement and third parties like Palo Alto Networks and Google‘s Mandiant to assess the attack.
“We continue to be vigilant, and to date have not seen evidence of any data having been published on the web,” UnitedHealth said. “And we are committed to providing appropriate support to people whose data is found to have been compromised.”
Rep. Jamie Raskin, D-Md., ranking member of the House Committee on Oversight and Accountability, wrote a letter to UnitedHealth CEO Andrew Witty on Monday requesting information about the “scope and extent” of the breach.
Raskin asked Witty for information about when Change Healthcare notified its clients about the breach, what specific infrastructure and information was targeted and what cybersecurity procedures the company has in place. The committee requested written responses “no later” than April 8.
“Given your company’s dominant position in the nation’s health care and health insurance industry, Change Healthcare’s prolonged outage as a result of the cyberattack has already had ‘significant and far-reaching’ consequences,” Raskin wrote.
The Biden administration also launched an investigation into UnitedHealth earlier this month due to the “unprecedented magnitude of the cyberattack,” according to a statement.