Change Healthcare encountered an ALPHV/Blackcat ransomware attack and spent $22 million as a ransom payment to stop the exposure of the 6TB of stolen data. However, the ransomware group pocketed the payment and did not pay the affiliate who executed the cyberattack.
Then RansomHub, a somewhat new ransomware group, issued a demand saying it had obtained the stolen information from the ex-ALPHV affiliate and wanted a ransom payment to stop the leakage of the data. There is no payment made yet and so RansomHub has begun leaking the stolen information. Screenshots were released that look like data-sharing contracts between Change Healthcare and some of its clients, as well as some files with patient information.
The group states it is going to sell the stolen information to the top bidder in 5 days in case UnitedHealth Group and Change Healthcare do not negotiate an appropriate payment. Change Healthcare has affirmed it knows about RansomHub’s threat but there is no verification if the exposed information was stolen during the February cyberattack. UnitedHealth Group has stated that personal health data and protected health information were stolen during the attack. Forensics specialists have reviewed the impacted files. The data types exposed and the number of persons impacted are not yet reported.
Providers Still Having Difficulties Financially Because of the Cyberattack
The American Medical Association’s (AMA) survey shows that
- over one-third (36%) of physician practices have reported the suspension of their claims payments because of the ransomware attack
- one-third (32%) have not filed claims
- two-fifths (39%) have not obtained electronic remittance advice
- one-fifth (22%) have not confirmed their eligibility for benefits.
- 77% of survey participants reported they encountered service disruptions as of the Change Healthcare ransomware attack and continue to deal with the impact of the attack
- 80% of companies stated they lost income from unpaid claims
- 78% lost income from claims that they could not file
- 55% had to utilize personal money to pay for expenditures incurred because of the attack
- 51% mentioned they have lost income from the failure to impose patient co-pays or outstanding dues
- 48% of survey participants stated they had to get into new and possibly expensive arrangements with substitute clearinghouses to carry out electronic transactions, and although some practices were able to benefit from temporary financing support, advance payments, and loans, problems continued with all of those procedures.
The disruption resulting from this cyber-attack is creating great financial pressure. The survey results show that practices will shut down due to this incident, and patients won’t be able to access their doctors. The increasing Medicare reductions and failure to process claims because of this attack are disastrous to physician practices that are presently having difficulties staying open.
Lawmakers Want to Know What Went Wrong
On April 8, 2024, Senate Judiciary Subcommittee on Privacy, Technology and the Law ranking member, Senator Josh Hawley (R-MO), and Subcommittee Chair, Richard Blumenthal (D-CT), wrote a letter to UnitedHealth Group Chief Executive Officer Andrew Witty in search of answers regarding the attack. One question was about the insufficient redundancy to stop a major outage. The Senators likewise asked for details about the nature of the network breach, a chronology of events after the attack, and the actions UnitedHealth Group is doing to fill the income gap companies are having and what it is doing to determine the healthcare providers and patients whose information was stolen during the attack. The Senators required answers before April 15, 2024.
On April 15, 2024, the House of Representatives Committee on Energy and Commerce members sent a letter to Andrew Witty requiring answers to a lengthy list of questions concerning the status and effect of the cyberattack and network recovery, the detection and quick response to the cyberattack, the cybersecurity practices and specialized resources available, the support to the healthcare community, and information about the restoration by April 29, 2024.
$1.6 Billion Lost Due to Ransomware Attack
UnitedHealth Group has spent about $872 million in Q1 of 2024 in response to the Change Healthcare ransomware attack. $593 million was spent on direct-response expenses and $279 million was lost because of disruption to company operations. UnitedHealth has additionally offered $6 billion in short-term, interest-free financing to companies impacted by the breakdowns who could not pay for their services and anticipates the expenses in 2024 to grow from $1.35 billion to $1.6 billion. Despite suffering losses because of the cyberattack, UnitedHealth Group has surpassed expectations in Q1 of 2024, with income going up to $8 billion year-over-year.