The American Hospital Association is accusing the parent company of Change Healthcare, which for two weeks has dealt with a cybersecurity incident that has caused disruptions at pharmacies nationwide of failing to adequately address the issues healthcare providers face getting reimbursed for services as a result of the attack.
On 1 March, UnitedHealth Group, which owns Change Healthcare, rolled out a “Temporary Funding Assistance Program” for providers who rely on the company’s software to get reimbursed by health insurers. It also unveiled a new electronic prescription service, which went online that afternoon.[1]
Since the incident began on 21 February, pharmacies, hospitals and other healthcare providers have been scrambling to fill prescriptions and to receive payment from insurers for care. Last week, UnitedHealth confirmed that the BlackCat/AlphV ransomware gang was behind the attack.
UnitedHealth’s funding assistance program offers short-term loans to affected organizations, but according to a letter Monday from AHA President Dirk McMahon it “is not even a band-aid on the payment problems.”
Despite the widespread nature of the outage, impacting a huge swathe of the American healthcare system, the program “is available to an exceedingly small number of hospitals and health systems,” he wrote. It addresses the difficulty of receiving payments from insurers, but not the “equally problematic issue” of providers being unable to send claims to insurance companies. “Second, the terms and conditions of the agreement are shockingly onerous,” McMahon said, requiring repayment within five days of notice, and allowing the company’s bank, Optum Financial Services, to recoup funds without notification, among other stipulations.
“Indeed, we have heard from some hospitals and health systems that these simply are not terms they can accept, especially when their financial future becomes more unpredictable the longer Change Healthcare is unavailable,” he said. As McMahon pointed out, UnitedHealth Group last year brought in more than $370 billion in revenue and $22 billion in profit. A company spokesperson did not address the AHA’s criticism of the program.
As providers raise the alarm about cash shortfalls, Senator Chuck Schumer (D-NY) continued calling for action from the federal government. On 4 March during a visit to a hospital, he called on the Centers for Medicare and Medicaid Services to provide advanced payments to healthcare providers struggling through the outage. The facility he was visiting, Rome Health in central New York, is reportedly incurring $2.3 million a week in losses from the cyberattack. “We need to give our hospitals the immediate relief they need so that they won’t be forced to reduce patient care,” Schumer said in a letter to the agency. “We can’t let hackers risk the financial stability of healthcare providers and even critical care to patients across America.”
On 3 March, someone claiming to be from a BlackCat/AlphV affiliate posted on the Ramp cybercrime forum saying that UnitedHealth Group had paid a $22 million ransom, after which the affiliate was cut out of the deal.
The post included a link to a Bitcoin payment address, which according to Wired received 350 bitcoin on 1 March. The address reportedly was linked to several ransomware payments in January, according to blockchain analysts.
In response to a request for comment about the affiliate’s claims of a ransom payment, a UnitedHealth spokesperson said: “We are focused on the investigation."
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. redskyalliance. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://therecord.media/healthcare-industry-needs-relief-after-change-cyber-incident-hospital-association/
Comments