paid an extra $1 billion to healthcare providers impacted by the Change Healthcare cyberattack since last week, bringing the total amount paid out to more than $3.3 billion– the company announced on Wednesday.
UnitedHealth, the owner of Change Healthcare, discovered in February that a cybercriminal group had breached a part of the unit’s IT network. According to Change Healthcare’s website, it processes more than 15 billion billing transactions annually, and one in three patient records go through its systems.
According to the company, the company disconnected the affected systems “immediately upon detection” of the threat registration with the Securities and Exchange Commission. The interruptions left many health care providers temporarily unable to fill prescriptions or receive reimbursement for his or her services from insurers.
Many healthcare providers depend on reimbursement money flow to operate, so the impact is important. Smaller and mid-sized practices told CNBC they’re making difficult decisions to stay in business. A study released by the American Hospital Association earlier this month found that 94% of hospitals experienced financial disruption in consequence of the attack.
As a result, UnitedHealth implemented its Temporary Financial Assistance Program to assist healthcare providers in need of support. The company said the $3.3 billion in advances wouldn’t have to be repaid until claims flow returned to normal. Federal agencies resembling the Centers for Medicare and Medicaid Services have already done this additional options have been introduced According to the announcement, countries and other interested parties will find a way to make interim payments to suppliers.
UnitedHealth has been working to restore Change Healthcare systems in recent weeks and expects some disruptions to proceed through April. website. On Friday, the company began processing more than $14 billion in outstanding claims, and on Wednesday it said “claims have started flowing.”
UnitedHealth shares have fallen more than 6% since the attack was revealed.
Late last month, the company said the Blackcat ransomware group was behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive institutional data and threatens to publish it unless ransom is paid, study finds December issue from the US Department of Justice.
The State Department announced Wednesday that it’s offering a reward of up to 10 million dollars to obtain information which will help discover or locate cybercriminals related to Blackcat.
UnitedHealth said Wednesday that it “continues to determine the contents of the data compromised by the threat actor.” The company said a “leading vendor” was analyzing the affected data. To evaluate the attack, United Health is working closely with law enforcement and third parties resembling Palo Alto Networks and Google-owned Mandiant.
“We continue to remain vigilant and have not seen evidence of any data being published online to date,” UnitedHealth said. “We are also committed to providing appropriate support to those whose data was breached.”
Rep. Jamie Raskin, D-Maryland, rating member of the House Committee on Oversight and Accountability, wrote letter on Monday to UnitedHealth CEO Andrew Witty, requesting information on the “scope and scope” of the breach.
Raskin asked Witty for details about when Change Healthcare notified its customers of the breach, what specific infrastructure and data was targeted, and what cybersecurity procedures the company had in place. The committee requested written responses “no later” than April 8.
“Given your company’s dominant position in the nation’s healthcare and health insurance industry, Change Healthcare’s prolonged disruption as a result of the cyberattack has already had ‘significant and far-reaching’ consequences,” Raskin wrote.
The Biden administration also opened an investigation into UnitedHealth earlier this month due to the “unprecedented scale of the cyberattack,” according to the statement.