$3.3 billion in loans offered to providers hit by Change Healthcare attack

$3.3 billion in loans were made available to healthcare providers impacted by one of the most well-known cyberattacks in the first quarter of 2024.

What happened?

On March 27th, UnitedHealth Group announced that it had provided over $3.3 billion in loans to care providers affected by a cyberattack on its tech unit, Change Healthcare, which occurred last month. This attack delayed insurance claim processing, causing financial strain for many providers. UnitedHealth launched a temporary funding program to assist these providers, offering them 45 business days to repay the loans. More than 40% of the funds have been allocated to safety net hospitals and federally qualified health centers serving high-risk patients and communities.

The US government has also intervened to address the chaos caused by the breach, disproportionately affecting smaller medical care providers. Some providers have faced the dilemma of either stopping patient treatment or being unable to pay their staff. UnitedHealth has begun processing a backlog of over $14 billion in medical claims resulting from the attack.

The backstory 

On February 21, 2024, Change Healthcare experienced a cyberattack that interrupted its operations and services. The cyberattack impacted a number of the company's network services required for billing, processing claims, and transferring health data around the United States. 

In response, on March 21, UnitedHealth Group took action to support healthcare providers financially affected by the attack by providing advanced payments of over $2 billion to the affected healthcare providers. They also aimed to restore their medical claims software by March 25 and have since resumed payment processing and pharmacy network services after a temporary disruption.

The State Department has offered a substantial reward of up to $10 million for any information leading to identifying the perpetrators behind the attack. Meanwhile, the Department of Health and Human Services (HSS) is actively investigating potential breaches of protected health data resulting from the incident.

Go deeper: 

• UnitedHealth advanced over $2B to providers following cyberattack
• Health Care Cybersecurity Improvement Act aims to provide financial relief

Why it matters

The cyberattack on ChangeHealthcare significantly impacted nearly half of the US's medical insurance claims, impacting the cash flow of over 900,000 healthcare organizations. These loans will assist safety net hospitals and federally qualified health centers in restoring their cash flow and patient services. 

Looking ahead

Cybersecurity safeguards sensitive patient information, maintains the integrity of medical records, and ensures the uninterrupted delivery of healthcare services. A breach in the cybersecurity of a healthcare organization compromises patient privacy and jeopardizes patient safety by potentially disrupting medical treatments and procedures. Moreover, the digitization of healthcare increases the susceptibility of healthcare organizations to a wide range of cyberattacks. Therefore, investing in cybersecurity measures helps mitigate these risks and uphold the trust and confidence of patients and stakeholders in the healthcare system. 

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What is Change Healthcare?

Change Healthcare is a company that provides technology solutions and services for the healthcare industry. They offer various services, including billing, claims processing, and health data management.

How long is it expected to take for Change Healthcare to recover from the cyberattack?

It may take several months for Change Healthcare to fully recover from the cyberattack and restore its operations to normal. The extent of the damage and the complexity of restoring affected systems will determine the duration of the recovery process.

Are there any precautions healthcare providers can take to protect themselves from similar cyberattacks in the future?

Healthcare providers can enhance their cybersecurity measures by implementing robust firewall and encryption protocols, regularly updating software and systems, conducting employee training on cybersecurity best practices, and investing in threat detection and response systems.

Read more: Preventing the spread of cybersecurity attacks in healthcare