UnitedHealth cyberattack payment freeze sparks provider panic


Payment to hundreds, if not thousands, of US healthcare providers has been frozen – just another devastating symptom of last week's cyberattack on UnitedHealth Group’s (UHG) Change Healthcare. This is as UHG officially acknowledges the ALPHV/Blackcat ransomware hit in its latest update.

Some of the smaller practices have reported to be in financial straits due to the payment processing stoppage, struggling to pay their office bills, and even employees.

Large hospital chains have also been impacted as a result of Change Healthcare being forced take its payment and billing management systems offline since the February 21st attack.

According to the American Hospital Association (AHA) which represents nearly 5,000 hospitals, healthcare systems, networks, and other providers the bigger hospitals, unlike smaller medical practices, are absorbing the costs of non-payment upfront. At least for now.

A conference call recording of several hospital cybersecurity officers was obtained by health and science news site Stat News on Thursday, which heard the officers say the outage could last for weeks.

The news outlet reported that UHG’s Chief Operating Officer Dirk McMahon had said the company was in the process of setting up a loan program for providers who are unable to submit insurance claims while systems are offline.

McMahon said the loan program will last "for the next couple of weeks as this continues to go on," the outlet reported.

Change Healthcare

As of last week, patients trying to fill prescriptions at both their retail chain pharmacies and local mom-and-pop shops also reported delays in all fifty states since the attack began nine days ago, the American Pharmacists Association (APhA) said.

The APhA had urged people to talk to their pharmacists if they ran out of medicine, but on day six of the attack, UnitedHealth announced they were able to provide “effective workarounds for most clients, averting what could have been a post-pandemic health disaster.

Still, neither Change Healthcare nor parent company Optum – both under the UnitedHealth Group conglomerate since 2017 – have been able to estimate when its systems will come back online, even with the assistance of outside security experts from Mandiant and Palo Alto Networks.

ALPHV/BlackCat confirmed

UHG put out a fresh statement Thursday finally addressing the ransomware rumors which have been circulating about the notorious ALPHV/BlackCat cybercriminal gang since Monday.

The ransomware cartel posted the intricate details about the attack on its dark leak site blog, including how much data was exfiltrated (6T), how many patient records were stolen (in the millions), and a name-dropping sample of the number of companies impacted (in the thousands).

“Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/BlackCat,” UHG said in a statement sent to Cybernews.

“We are actively working to understand the impact to members, patients and customers,” the California-based healthcare giant said.

“Patient care is our top priority and we have multiple workarounds to ensure people have access to the medications and the care they need,” it said.

ALPHV/BlackCat blog Change healthcare

Change Healthcare is one of the largest health technology software companies in the US, servicing roughly 85 million patients or 25% of the US population, according to Becker’s Hospital Review.

Magnitude of impact still unknown

While the financial losses are staggering, it’s the impact on patient care that is even more concerning, explained Jon Miller, CEO & Co-founder of the American anti-ransomware firm Halcyon.

Miller said recent studies have shown that “68% of healthcare providers surveyed said ransomware attacks resulted in a disruption to patient care.”

Miller said factors contributing to those “negative patient outcomes” include temporary suspension or rerouting of emergency services, canceled medical procedures – and downed billing systems, which is exactly what happened in the UHG hack.

Even more disturbing, Miller noted that roughly 40% of the providers said ransom attacks on a healthcare organization also lead to increased mortality rates and complications in medical procedures.

Although just a snapshot of the larger picture, half a dozen health entities – five small therapy practices and one laboratory – spoke with Reuters about the payment processing issues, which started for all six last week.

The businesses told Reuters the frozen payments were causing them to rack up thousands of dollars in overdue payments.

"We are 100 percent down when it comes to billing right now," said legal director Phil Seubring of Forensic Fluids, a Michigan-based lab that does drug testing for doctors' offices.

Clinical social worker Jenna Wilson from California also said she is not getting paid. Wolfson, who sees over two dozen patients a week, said she had about $4,000 in unprocessed claims. "This could be catastrophic for me and other small business mental health practitioners," she said.

According to John Riggi, American Health Association cybersecurity adviser and former FBI cyber division section chief, remediating just core services can easily take 30 days or more, with less important functions taking weeks.


More from Cybernews:

American crypto fraud losses exceed $1.5 billion

‘Amazon’s Choice’ doorbells are a security nightmare 

Money laundering scheme caught employing mules via Android app XHelper

Airbnb and Tripadvisor scammers targeting travelers 

Apple cancels development of autonomous car 

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked