A bipartisan coalition with 22 state attorneys general wrote to UnitedHealth Group CEO Andrew Witty about their concern regarding the response to date to the ransomware attack on Change Healthcare on February 21, 2024 as well as the many issues encountered by healthcare companies, pharmacies, and patients.
Companies and pharmacies in their different jurisdictions have submitted reports of disastrous disruptions caused by the prolonged outage and restricted recovery of the services of Change Healthcare, and insufficient responses from Change Healthcare and its payor associates. Many companies and pharmacies have stated they are at risk of failure, with patients suffering from disruption to care caused by slowdowns in getting important prescription drugs. In certain instances, patients were refused access to medicines because providers failed to carry out eligibility assessments.
In the weeks after the attack, the Attorneys General have gotten awful communications from healthcare establishments, care providers, and patients because of the extended disruption to the services of Change Healthcare. The breakdown has resulted in problems with prescription drug accessibility, billing and payment backlogs, and other issues arising from the continued lack of access to the services of Change Healthcare.
Facilities using Change Healthcare as their tool to monitor services and claims could not promptly complete prior authorizations, verify benefits, record and file claims, and in certain cases lost access to standard care IT facilities, as stated by the Attorneys General. UnitedHealthcare should do more than it is currently doing to prevent causing more trouble for the healthcare infrastructure of the states and the individuals who depend on it.
Besides having less access to the systems of Change Healthcare, there was also a substantial data breach. UnitedHealth Group released an announcement stating the compromise of personally identifiable and protected health information (PHI) and that the data breach could impact a significant percentage of the U.S. populace. Additionally, considering the current nature and intricacy of the data analysis, it will probably take a few months of ongoing analysis before adequate facts will become accessible to determine and inform affected users and individuals.
Care providers and non-HG services contacted the Attorneys General and reported their inability to reach Change Healthcare personnel who could give prompt details about the breached information, how they could avail financial assistance that doesn’t enforce unreasonable terms like waiver of liability, and how they could record and file claims at the time of the breakdown. Although financial support is available, for numerous providers that have encountered financial issues because of the cyberattack, the support provided is inadequate. Many independent companies were quoted relief of only $10 a week.
The letter of the Attorneys General listed several steps that they think must be taken to help relieve the problems brought on by the outage. Those steps include the
- improvement and extension of financial help to all impacted companies
- ensuring companies and practices that belong to UHG or its subsidiaries are not being provided more favorable financial help than others
- giving a specific helpline to enable providers to settle unanswered queries
- making sure that the claims backlog is resolved
- issuing prompt notifications to the practices and individuals whose information was compromised
The Attorneys General likewise asked to be given an unbiased analysis to confirm that the systems of UHG and Change Healthcare are secured and that the vulnerabilities exploited during the cyberattack were resolved.
