Small private practices and health-care providers are facing mounting financial pressures as crucial reimbursement systems remain down for the ninth day, following the cyberattack on Change Healthcare.
Change Healthcare offers tools for payment and revenue cycle management that help facilitate transactions between providers and most major insurance companies. Its parent company UnitedHealth Group discovered that a cyber threat actor breached part of the unit’s information technology network on Feb. 21, according to a filing with the U.S. Securities and Exchange Commission.
As a result, the company isolated and disconnected the impacted systems “immediately upon detection” of the threat, the filing said.
The fallout has caused a ripple of disruption across the U.S. health-care system.
Doctors told CNBC the outage has left them unable to check patients’ eligibility for treatment or fill prescriptions electronically, which has created more administrative responsibility for workers that are already overwhelmed by clerical work. Perhaps more importantly, providers have been unable to receive reimbursements from insurers, effectively grinding many health systems’ revenue cycles to a halt.
Smaller and mid-sized practices that rely on reimbursement cash flow to operate are making tough decisions about how to stay afloat. If the outage drags on for too long, experts say some practices may have to close their doors for good.
Dr. Purvi Parikh, an allergist and immunologist with a private practice in New York City, told CNBC that the breach has been a “mess” and a “big stressor.” Like many others, she said her practice hasn’t been able to receive reimbursements from insurers for patient visits, which makes it difficult for the practice to pay for operational expenses like payroll and medical supplies.
Switching to a new platform could take weeks, Parikh said, so there’s no immediate workaround available. As of Thursday, Change Healthcare has not shared any updates about when it expects its systems to be back online.
“The most frustrating part is that nobody has any answers or solutions,” Parikh said. “We’re kind of just stuck.”
Change Healthcare on Thursday said that ransomware group Blackcat is behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December release from the U.S. Department of Justice.
The company said it is working with law enforcement and third party consultants like Mandiant, which is owned by Google, and cybersecurity software vendor Palo Alto Networks to assess the breach.
“Patient care is our top priority and we have multiple workarounds to ensure people have access to the medications and the care they need,” Change Healthcare said in a statement to CNBC.
Dr. Kiranjit Khalsa, an allergist and immunologist who runs an independent practice in Scottsdale, Arizona, said her staff has been working longer hours to try and accommodate the extra work as a result of the breach, as well as manually calling in prescriptions.
She said the problems around reimbursement have been the “biggest burden,” since she is worried about how she can continue to support her patients and employees. Khalsa is considering cutting back hours for staff and even closing the clinic for a few days.
“I worry about providing for them,” Khalsa told CNBC in an interview. “I also worry about: Where am I going to get this money if it does not come through? Do I need to take a loan out to keep the clinic afloat?”
Even when Change Healthcare’s systems do come back online, there are a lot of unanswered questions about what will happen next, according to Dr. Dan Inder Sraow, an interventional cardiologist who owns a private practice around Phoenix, Arizona. He said it’s not clear whether Change Healthcare will take on the responsibility of processing all the claims or if he’ll need to hire additional staff to help.
“I don’t think that people are aware that the actual people providing the services are not able to extract revenue for those services,” Dr. Sraow told CNBC. “We don’t know how long that’s going to be, and that’s such a dangerous, dangerous thing.”
Dr. Jesse Ehrenfeld, president of the American Medical Association, said he has spent days fielding calls from concerned colleagues.
He said he spoke with one doctor who runs an oncology practice and only has up to two weeks’ worth of cash on hand. If the outage drags out, the practice won’t be able to buy the chemotherapy that its patients depend on for treatment.
Since many providers are operating on razor-thin margins, Ehrenfeld said there is a possibility that some will go out of business.
“We have so many practices that are on the fringe, particularly smaller practices, where they are just scraping by,” Ehrenfeld told CNBC in an interview. “Any aberration in the system where, ‘Oh, you don’t get checks for two weeks,’ obviously is a situation that does put practices at risk.”
In 2022, Change Healthcare merged with the provider Optum, which services more than 100 million patients in the U.S. and is owned by UnitedHealth, the country’s biggest health-care company by market cap.
The American Medical Association vocally opposed the merger, writing in a letter to the DOJ that the union could stifle competition, give UnitedHealth access to large data stores and potentially disrupt patient care.
The merger ultimately went through, but the DOJ has recently launched an antitrust investigation into UnitedHealth, according to a Wall Street Journal report Tuesday.
“It’s just sort of like a perfect storm of regulatory issues [and] lack of competition — and unfortunately, the people who are really going to suffer are patients and individuals who work in the healthcare system,” said Dr. Ravi Parikh, a retina specialist that owns and operates a practice in New York City.
The cyberattack has left Parikh’s clinic without a way to receive reimbursements for the expensive medications it administers. He said he has been thinking about contingency plans, such as seeking out cheaper medications and asking some patients to pay upfront, but his focus is on providing the best care possible.
“The health care system could eventually come to a halt because a lot of clinics and pharmacies might not be viable,” Parikh said.
Lemon8, a photo-sharing app by Bytedance, and RedNote, a Shanghai-based content-sharing platform, have seen a surge in popularity in the U.S. as “TikTok refugees” migrate to alternative platforms ahead of a potential ban.
Now a law that could see TikTok shut down in the U.S. threatens to ensnare these Chinese social media apps, and others gaining traction as TikTok-alternatives, legal experts say.
As of Wednesday, RedNote — known as Xiaohongshu in China — was the top free app on the U.S. iOS store, with Lemon8 taking the second spot.
While the legislation explicitly names TikTok and ByteDance, experts say its scope is broad and could open the door for Washington to target additional Chinese apps.
“Chinese social media apps, including Lemon8 and RedNote, could also end up being banned under this law,” Tobin Marcus, head of U.S. policy and politics at New York-based research firm Wolfe Research, told CNBC.
If the TikTok ban is upheld, it will be unlikely that the law will allow potential replacements to originate from China without some form of divestiture, experts told CNBC.
PAFACA automatically applies to Lemon8 as it’s a subsidiary of ByteDance, while RedNote could fall under the law if its monthly average user base in the U.S. continues to grow, said Marcus.
The legislation prohibits distributing, maintaining, or providing internet hosting services to any “foreign adversary controlled application.”
These applications include those connected to ByteDance or TikTok or a social media company that is controlled by a “foreign adversary” and has been determined to present a significant threat to national security.
The wording of the legislation is “quite expansive” and would give incoming president Donald Trump room to decide which entities constitute a significant threat to national security, said Carl Tobias, Williams Chair in Law at the University of Richmond.
Xiaomeng Lu, Director of Geo‑technology at political risk consultancy Eurasia Group, told CNBC that the law will likely prevail, even if its implementation and enforcement are delayed. Regardless, she expects Chinese apps in the U.S. will continue to be the subject of increased regulatory action moving forward.
“The TikTok case has set a new precedent for Chinese apps to get targeted and potentially shut down,” Lu said.
The fate of TikTok rests with Supreme Court after the platform and its parent company filed a suit against the U.S. government, saying that invoking PAFACA violated constitutional protections of free speech.
TikTok’s argument is that the law is unconstitutional as applied to them specifically, not that it is unconstitutional per se, said Cornell Law Professor Gautam Hans. “So, regardless of whether TikTok wins or loses, the law could still potentially be applied to other companies,” he said.
The law’s defined purview is broad enough that it could be applied to a variety of Chinese apps deemed to be a national security threat, beyond traditional social media apps in the mold of TikTok, Hans said.
Trump, meanwhile, has urged the U.S. Supreme Court to hold off on implementing PAFACA so he can pursue a “political resolution” after taking office. Democratic lawmakers have also urged Congress and President Joe Biden to extend the Jan. 19 deadline.
Synthesia is a platform that lets users create AI-generated clips with human avatars that can speak in multiple languages.
Synthesia
LONDON — Synthesia, a video platform that uses artificial intelligence to generate clips featuring multilingual human avatars, has raised $180 million in an investment round valuing the startup at $2.1 billion.
That’s more than than double the $1 billion Synthesia was worth in its last financing in 2023.
The London-based startup said Wednesday that the funding round was led by venture firm NEA with participation from Atlassian Ventures, World Innovation Lab and PSP Growth.
NEA counts Uber and TikTok parent company ByteDance among its portfolio companies. Synthesia is also backed by chip giant Nvidia.
Victor Riparbelli, CEO of Synthesia, told CNBC that investors appraised the businesses differently from other companies in the space due to its focus on “utility.”
“Of course, the hype cycle is beneficial to us,” Riparbelli said in an interview. “For us, what’s important is building an actually good business.”
Synthesia isn’t “dependent” on venture capital — as opposed to companies like OpenAI, Anthropic and Mistral, Riparbelli added.
These startups have raised billions of dollars at eye-watering valuations while burning through sizable amounts of money to train and develop their foundational AI models.
Read more CNBC reporting on AI
Synthesia’s not the only startup shaking up the world of video production with AI. Other startups offer solutions for producing and editing video content with AI, like Veed.io and Runway.
Meanwhile, the likes of OpenAI and Adobe have also developed generative AI tools for video creation.
Eric Liaw, a London-based partner at VC firm IVP, told CNBC that companies at the application layer of AI haven’t garnered as much investor hype as firms in the infrastructure layer.
“The amount of money that the application layer companies need to raise isn’t as large — and therefore the valuations aren’t necessarily as eye popping” as companies like Nvidia,” Liaw told CNBC last month.
Riparbelli said that money raised from the latest financing round would be used to invest in “more of the same,” furthering product development and investing more into security and compliance.
Last year, Synthesia made a series of updates to its platform, including the ability to produce AI avatars using a laptop webcam or phone, full-body avatars with arms and hands and a screen recording tool that has an AI avatar guide users through what they’re viewing.
On the AI safety front, in October Synthesia conducted a public red team test for risks around online harms, which demonstrated how the firm’s compliance controls counter attempts to create non-consensual deepfakes of people or use its avatars to encourage suicide, adult content or gambling.
The National Institute of Standards and Technology test was led by Rumman Chowdhury, a renowned data scientist who was formerly head of AI ethics at Twitter — before it became known as X under Elon Musk.
Riparbelli said that Synthesia is seeing increased interest from large enterprise customers, particularly in the U.S., thanks to its focus on security and compliance.
More than half of Synthesia’s annual revenue now comes from customers in the U.S., while Europe accounts for almost half.
Synthesia has also been ramping up hiring. The company recently tapped former Amazon executive Peter Hill as its chief technology officer. The company now employs over 400 people globally.
U.K. Technology Minister Peter Kyle said the investment “showcases the confidence investors have in British tech” and “highlights the global leadership of U.K.-based companies in pioneering generative AI innovations.”
The SEC filed a lawsuit against Elon Musk on Tuesday, alleging the billionaire committed securities fraud in 2022 by failing to disclose his ownership in Twitter and buying shares at “artificially low prices.”
Musk, who is also CEO of Tesla and SpaceX, purchased Twitter for $44 billion, later changing the name of the social network to X. Prior to the acquisition he’d built up a position in the company of greater than 5%, which would’ve required disclosing his holding to the public.
According to the SEC complaint, filed in U.S. District Court in Washington, D.C., Musk withheld that material information, “allowing him to underpay by at least $150 million for shares he purchased after his financial beneficial ownership report was due.”
The SEC had been investigating whether Musk, or anyone else working with him, committed securities fraud in 2022 as the Tesla CEO sold shares in his car company and shored up his stake in Twitter ahead of his leveraged buyout. Musk said in a post on X last month that the SEC issued a “settlement demand,” pressuring him to agree to a deal including a fine within 48 hours or “face charges on numerous counts” regarding the purchase of shares.
Musk’s lawyer, Alex Spiro, said in an emailed statement that the action is an admission by the SEC that “they cannot bring an actual case.” He added that Musk “has done nothing wrong” and called the suit a “sham” and the result of a “multi-year campaign of harassment,” culminating in a “single-count ticky tak complaint.”
Musk is just a week away from having a potentially influential role in government, as President-elect Donald Trump’s second term begins on Jan. 20. Musk, who was a major financial backer of Trump in the latter stages of the campaign, is poised to lead an advisory group that will focus in part on reducing regulations, including those that affect Musk’s various companies.
In July, Trump vowed to fire SEC chairman Gary Gensler. After Trump’s election victory, Gensler announced that he would be resigning from his post instead.
In a separate civil lawsuit concerning the Twitter deal, the Oklahoma Firefighters Pension and Retirement System sued Musk, accusing him of deliberately concealing his progressive investments in the social network and intent to buy the company. The pension fund’s attorneys argued that Musk, by failing to clearly disclose his investments, had influenced other shareholders’ decisions and put them at a disadvantage.
The SEC said that Musk crossed the 5% ownership threshold in March 2022 and would have been required to disclose his holdings by March 24.
“On April 4, 2022, eleven days after a report was due, Musk finally publicly disclosed his beneficial ownership in a report with the SEC, disclosing that he had acquired over nine percent of Twitter’s outstanding stock,” the complaint says. “That day, Twitter’s stock price increased more than 27% over its previous day’s closing price.”
The SEC alleges that Musk spent over $500 million purchasing more Twitter shares during the time between the required disclosure and the day of his actual filing. That enabled him to buy stock from the “unsuspecting public at artificially low prices,” the complaint says. He “underpaid” Twitter shareholders by over $150 million during that period, according to the SEC.
In the complaint, the SEC is seeking a jury trial and asks that Musk be forced to “pay disgorgement of his unjust enrichment” as well as a civil penalty.
