Tag: UnitedHealth

HHS launches probe into UnitedHealth over ransomware attack on subsidiary

March 13, 2024/in Internet Security

The Department of Health and Human services is probing Change Healthcare parent company UnitedHealth amid several weeks of prescription routing backlogs and clinical disruptions that resulted from a crippling ransomware attack late last month, the agency announced Wednesday.

The probe will specifically examine UnitedHealth’s compliance with the Health Insurance Portability and Accountability Act, or HIPPA, that is meant to enforce safeguards for patients’ healthcare data.

The HHS Office of Civil Rights said that it’s in “the best interest of patients and health care providers” to examine the healthcare giant, which provides health insurance services for millions of Americans and participating employers.

“Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted,” UnitedHealth said in a press statement, which adds the company is “working with law enforcement to investigate the extent of impacted data.”

White House officials on Tuesday met with healthcare policy participants and agency heads to discuss the incident, which included UnitedHealth CEO Andrew Witty.

The cyberattack, claimed by the ALPHV/Blackcat ransomware gang, has roiled Change Healthcare, one of the largest healthcare payment systems in the U.S. The incident has delayed prescription fillings and has led to cash crunches at clinics and other facilities. The disruptions are causing some providers to lose upwards of $1 billion per day in revenues.

Change Healthcare reportedly made a $22 ransom payment to the hackers. Soon after, the cybercrime collective appeared to stage a fake takedown of their site. Analysts expect the group to reemerge under a new name.

Officials this past week rolled out emergency financing plans that would accelerate payments to certain providers and suppliers experiencing shortfalls in funding.

The cyberattack is arguably the most consequential cyberthreat facing a major U.S. healthcare service in recent memory, with some lawmakers including Senate Intelligence Committee Chair Mark Warner, D-Va., ready to introduce legislation to provide for accelerated and advanced payments to providers and vendors affected by future…

Source…

UnitedHealth Exploits an ‘Emergency’ It Created

March 12, 2024/in Internet Security

Last Thursday, the medical colossus UnitedHealthcare applied for an emergency exemption that would fast-track its takeover of a medical practice in Corvallis, Oregon, in a letter warning regulators that the practice might close its doors if the merger were not approved right away.

Although the specific reason for the exemption request is redacted from the publicly posted version of the application, a clinic insider says the “emergency” is the same one that has plunged thousands of other health providers across the nation into a terrifying cash crunch: the weeks-long outage of UnitedHealth’s Change Healthcare clearinghouse and claims processing systems, which has halted the flow of information that enables physicians, hospitals, and other health care providers to get paid for their work.

“Our claims processing goes through [Change], so all of a sudden there was no money coming in,” the insider, an employee of The Corvallis Clinic who did not want to be identified for fear of jeopardizing the transaction, told the Prospect. The clinic’s shareholders, who include include more than half of its 110 physicians and one of its behavioral health providers, worked without pay last week in order to “scrape together enough money to pay the staff,” the insider said, but on Thursday the shareholders explained that they weren’t sure they would be able to open the doors Monday without an emergency cash injection. “They’re praying that the sale’s going to go through and that Optum will front them the money.”

More from Maureen Tkacik

The situation underscores the perverse state of affairs in which UnitedHealth, which comprises some 2,642 separate companies that collectively raked in $371.6 billion last year, has arguably profited from the desperation that the hacking of its Change computer systems in late February has inflicted upon the health care system. An estimated half of all health care transactions are processed or somehow otherwise touched by Change, a rollup of dozens of health care technology firms that provide 137 software applications that have been affected by the outage.

Every dollar in revenue that has disappeared from hospitals, medical…

Source…

Ransomware attack on UnitedHealth hits provider payments

March 3, 2024/in Internet Security

A weeklong ransomware attack on key units of the UnitedHealth Group is leaving healthcare providers across the United States struggling to process payments.

According to the American Hospital Association, large hospital chains and smaller-level providers have been locked out of processing payments. Although large systems have been able to absorb the blow financially, smaller providers are already beginning to run low on cash as they take on the costs of being unable to collect from patients.

The UnitedHealth Group is one of the largest health benefits organizations in the United States, directly insuring over 27 million Americans in individual and employer plans, as well as nearly 14 million seniors on Medicare with private supplemental coverage.

UnitedHealth’s Change Healthcare, a critical linchpin for processing payments and revenue cycle management for UnitedHealth, has been incapacitated for more than a week after a hacker gained access to the network.

The attack has also thwarted prescription refills and renewals for pharmacies across the U.S., ranging from small independent firms to larger entities like Walgreens.

“This attack is not only on Change Healthcare but is an attack on the entire health care sector that depends upon the availability of Change healthcare services technology,” said the AHA’s national adviser for cybersecurity and risk, John Riggi.

The source of the attack and the actors responsible have not been officially identified.

A filing with the Securities and Exchange Commission from last week indicates that UnitedHealth “identified a suspected-nation-state associated cyber security threat actor” entered the information technology system on Feb. 21.

Sources close to the matter, however, reported to Reuters this week that a criminal gang known as “Blackcat” or “ALPHV” may be responsible for the attack. Blackcat reportedly did not respond to Reuters‘ request for comment.

Organizations that experience high-impact ransomware attacks can take several months to fully restore capacity, according to Riggi.

CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER

Although patients should not experience disruptions to care, the cash flow upholding…

Source…

UnitedHealth Group Confirms ALPHV Ransomware Gang Is Behind Attack

March 1, 2024/in Internet Security

Insurance giant UnitedHealth Group is officially blaming a notorious ransomware group for a major outage that’s been preventing healthcare providers from processing prescriptions.

The company issued the update as its subsidiary Change Healthcare is still struggling to restore services, a week after suffering the attack, which has ensnared IT systems at hospitals and pharmacies across the country.

“Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” the company said on Thursday.

The statement clarifies that the attack isn’t exactly from a “suspected nation-state” actor, as UnitedHealth Group initially said. Instead, ALPHV is more of a cybercriminal group, although its members are likely based in Russia.

The company issued the confirmation a day after ALPHV took to its own site on the Dark Web and claimed responsibility for the attack on Change Healthcare. In some potentially bad news for users, the ransomware gang claims to have stolen 6TB or 6,000GB of data from United Healthcare during the attack.

This Tweet is currently unavailable. It might be loading or has been removed.

“Change Healthcare production servers process extremely sensitive data to all of UnitedHealth clients that rely on Change Healthcare technology solutions. Meaning thousands of healthcare providers, insurance providers, pharmacies, etc,” the group alleged.

As a result, the stolen data encompasses patient medical records, along with other sensitive user information, such as phone numbers, email addresses, and Social Security numbers, the gang claims. Change Healthcare also serves military hospitals, so data on US service members was apparently stolen as well.

Recommended by Our Editors

Interestingly, ALPHV appears to have taken down its original post about stealing data from UnitedHealth Group, which suggests the insurance provider may have paid the ransom.

UnitedHealth Group didn’t respond to a request for comment. In the meantime, the company’s statement notes: “Our experts are working to address the matter and we are working closely with law enforcement and…

Source…

Tag Archive for: UnitedHealth

Recommended by Our Editors