UnitedHealth is making struggling doctors repay loans issued after last year’s cyberattack
UnitedHealth CEO Andrew Witty testifies before the Senate Finance Committee on Capitol Hill in Washington, May 1, 2024.
Kent Nishimura | Getty Images
Following the massive cyberattack on UnitedHealth Group’s Change Healthcare unit last year, the company launched a temporary funding assistance program to help medical practices with their short-term cash flow needs, offering no-interest loans with no added fees.
A little over a year later, UnitedHealth is aggressively going after borrowers, demanding they “immediately repay” their outstanding balances, according to documents viewed by CNBC and providers who received funding. Some groups have been asked to repay hundreds of thousands of dollars in a matter of days.
Optum, UnitedHealth’s financial, pharmacy and care services arm, is telling borrowers that it reserves the right to “begin offsetting claims payable” to the practices, meaning the company will withhold separate funds until it recoups the loan.
It’s a significant change in posture for the company, which suffered a cyberattack in February 2024 that compromised data from around 190 million Americans, the largest reported health-care breach in U.S. history. The ensuing disruption caused severe fallout across the health-care system, leaving many providers temporarily unable to get paid for their services. Some dipped into their personal savings to keep their practices afloat.
During a Senate hearing about the attack in May, UnitedHealth CEO Andrew Witty said providers would only be required to repay the loans when “they, not me, but they confirm that their cash flow is normalized.”
Several doctors who took advantage of the financing told CNBC that they can’t meet the company’s new demands. Dr. Christine Meyer, an internist who started a practice in Exton, Pennsylvania, received a letter from Optum earlier this month telling her to immediately submit her organization’s payment.
“We are not in any position to start repaying this loan,” Meyer, who started her practice about 20 years ago, told CNBC. She has been a vocal critic of UnitedHealth following the breach.
“I’m just looking at all my legal options at this point,” Meyer said. “But repaying them $750,000 in five days is obviously not going to happen.”
UnitedHealth didn’t comment on specific cases, but a spokesperson for Change Healthcare confirmed that the company has started recouping the loans.
“Now, more than one year post the event and with services restored, we have begun the process of recouping the interest-free funding we provided to providers,” the spokesperson said in a statement.
The company said the U.S. Department of Health and Human Services took the same approach last year “under its own cyber-attack lending program.” HHS launched a separate funding assistance program through the Centers for Medicare & Medicaid Services last March. CMS said it would automatically recoup payments from Medicare claims, and providers could accrue interest, according to a release.
“We continue to work with providers on repayment and other options, and continue to reach out to those providers that have not been responsive to previous calls or email requests for more information,” the Change Healthcare spokesperson said.
Providers were told that UnitedHealth reserved the right to withhold future payments when they signed up for the funding assistance program, the company added. CNBC independently reviewed a copy of a loan agreement for the program and confirmed this statement.
Change Healthcare, which offers payment and revenue cycle management tools, was acquired by Optum in 2022.
After discovering the breach last year, UnitedHealth said it isolated and disconnected the impacted systems. The company paid out more than $9 billion to providers in 2024, and more than $4.5 billion has already been repaid, according to the company’s fourth-quarter earnings report in January. UnitedHealth said providers would receive an invoice once standard payment operations resumed, and that they would be subject to a repayment period of 45 business days.
“Change Healthcare will notify the recipient that the funding amount is due after claims processing or payment processing services have resumed and payments impacted during the service disruption period are processed,” the website says.
Dwindling deposits, lost revenue
While the vast majority of Change Healthcare’s services have been restored over the course of the last year, three products are still listed as “partial service available,” according to UnitedHealth’s cyberattack response website.
And doctors are still reeling.
Meyer said that when the breach took place, she watched her practice’s daily deposits shrivel from the range of $60,000 to $80,000 to about $150 “overnight.” She applied for Optum’s temporary funding assistance program, and after some difficulty and back and forth with the company, she ultimately received a total of $756,900 in financial assistance.
Former Senator Bob Casey Jr., D-Pa., shared Meyer’s story during the congressional hearing in May. He asked Witty about the company’s approach to the repayment process.
“I’d like to absolutely confirm to you and Dr. Meyer that we have no intention of asking for loan repayment until after she determines that her business is back to normal,” Witty told lawmakers. “Even then, we would not look for repayment until 45 business days – 60 calendar days – after that and there would be no interest and no fee associated with that loan.”
“So it would be a determination she makes?” Casey asked.
“That’s absolutely right,” Witty said.
Meyer said that’s not what happened.
UnitedHealth Group Inc. headquarters stands in Minnetonka, Minnesota, U.S.
Mike Bradley | Bloomberg | Getty Images
She received a notice from Optum on Jan. 24, which was viewed by CNBC, that requested repayment since “the service disruption has ended for most clients.” Meyer said she called and told the company she was “not in any position to pay.”
Meyer claims that her practice lost more than $1 million in revenue due to the Change Healthcare cyberattack. She told CNBC the figure was based on a forensic financial analysis her practice carried out by comparing its charges against payments over recent years. The $1.2 million figure accounts for losses across all its insurers, not just UnitedHealthcare, Meyer said.
On April 1, Meyer received another notice requesting immediate repayment within five business days. The letter was addressed to Meyer. But the name of the practice on the letter, Insight Counseling, as well as the total amount due, $925,200, were incorrect.
Meyer said she called Optum again and was told the company made a mistake, but that she had five days to repay her actual total of $750,000. At that point, the company would start withholding her UnitedHealthcare payments, which she described as a “shakedown.”
Meyer said her practice typically receives annual claims payments of about $150,000 to $200,000 from UnitedHealthcare.
“I guess I’ll just let them take those payments back for the next three years until they get their money back,” she told CNBC.
In a post on LinkedIn on Thursday, Meyer wrote that she and her team “made a plan to leave the least amount of money in the account set up to receive payments from UnitedHealthcare. If it isn’t there, they can’t get it.”
‘Very frustrating experience’
Dr. Purvi Parikh, an allergist and immunologist with a private practice in New York, shared a similar story.
Parikh’s practice received about $440,000 in funding assistance after the breach. She said she started getting repayment notices late last year, and that Optum was threatening to offset claims payable to the practice.
“We were already hit very hard by the Change Healthcare hack,” Parikh said in an interview. “Now on top of that, they’re asking for all of this money back or they’re going to hold future payments ransom. It’s just been a very frustrating experience dealing with Optum.”
Parikh’s practice requested a one-month extension on its final payment of $101,650 in January to try and keep UnitedHealth from withholding other payments. In the email request, Parikh’s colleague wrote that “it has been quite difficult to recover financially.”
Optum granted Parikh’s practice the extension.
“People don’t just have that amount of money just sitting around,” Parikh said. “We’ve paid everything back, but it wasn’t without hardship.”
A physician who runs a pediatric practice in New Jersey said UnitedHealth has already started withholding payments from the organization. The practice received more than $500,000 in funding assistance following the Change Healthcare breach.
The doctor, who asked not to be named due to the sensitive nature of the situation, said the practice began receiving phone calls and emails from Optum requesting repayment beginning late last year. The group indicated that it didn’t have the money, but would set up a payment plan and had begun the process.
But the doctor said its billing department noticed that UnitedHealth had already started holding back claims payments. In its explanation of benefits, which details what an insurer will cover, the doctor said the company has a line that reads, “UnitedHealthcare is withholding payment for Optum.”
WATCH: Health and Human Services Department opens probe into hack at UnitedHealth’s Change Healthcare
Omada Health smart devices in use.
Courtesy: Omada Health
Virtual care company Omada Health filed for an IPO on Friday, the latest digital health company that’s signaled its intent to hit the public markets despite a turbulent economy.
Founded in 2012, Omada offers virtual care programs to support patients with chronic conditions like prediabetes, diabetes and hypertension. The company describes its approach as a “between-visit care model” that is complementary to the broader health-care ecosystem, according to its prospectus.
Revenue increased 57% in the first quarter to $55 million, up from $35.1 million during the same period last year, the filing said. The San Francisco-based company generated $169.8 million in revenue during 2024, up 38% from $122.8 million the previous year.
Omada’s net loss narrowed to $9.4 million during its first quarter from $19 million during the same period last year. It reported a net loss of $47.1 million in 2024, compared to a $67.5 million net loss during 2023.
The IPO market has been largely dormant across the tech sector for the past three years, and within digital health, it’s been almost completely dead. After President Donald Trump announced a sweeping tariff policy that plunged U.S. markets into turmoil last month, taking a company public is an even riskier endeavor. Online lender Klarna delayed its long-anticipated IPO, as did ticket marketplace StubHub.
But Omada Health isn’t the first digital health company to file for its public market debut this year. Virtual physical therapy startup Hinge Health filed its prospectus in March, and provided an update with its first-quarter earnings on Monday, a signal to investors that it’s looking to forge ahead.
Omada contracts with employers, and the company said it works with more than 2,000 customers and supports 679,000 members as of March 31. More than 156 million Americans suffer from at least one chronic condition, so there is a significant market opportunity, according to the company’s filing.
In 2022, Omada announced a $192 million funding round that pushed its valuation above $1 billion. U.S. Venture Partners, Andreessen Horowitz and Fidelity’s FMR LLC are the largest outside shareholders in the company, each owning between 9% and 10% of the stock.
“To our prospective shareholders, thank you for learning more about Omada. I invite you join our journey,” Omada co-founder and CEO Sean Duffy said in the filing. “In front of us is a unique chance to build a promising and successful business while truly changing lives.”
WATCH: The IPO market is likely to pick up near Labor Day, says FirstMark’s Rick Heitzmann
Technology
Google would need to shift up to 2,000 employees for antitrust remedies, search head says
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business3 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway