UnitedHealthcare Restores Partial Services Post Cyberattack

The company said it expects to begin testing and reestablishing connectivity to the claims network and software on March 18.

Days after what was described as one of the worst cyberattacks impacting healthcare systems in the US, UnitedHealthcare has said that part of the services have been restored.

However, it has also said that Change Healthcare’s systems are expected to be restored by mid-March.

According to the statement released by the insurance giant, the electronic prescribing for its pharmacy services is now fully functional. Services such as claims submission and payment transmission are also available.

“Optum Rx pharmacies are diligently ensuring medication access for patients, alleviating concerns about disrupted pharmacy services,” the statement read.

However, the electronic payment functionality will only be available for connection from March 15 onwards. The company said it expects to begin testing and reestablishing connectivity to the claims network and software on March 18.

On February 21, Change Healthcare discovered a cyberattack on its tech department leading to an outage of its services. The attack impacted its client health systems and providers, stalling multiple medical and non-medical functions.

CEO Andrew Witty underscored UnitedHealth Group's commitment to providing relief to affected individuals, emphasizing the collective effort to ensure uninterrupted access to care and medications.

“All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices and that patients can get their medications. We’re determined to make this right as fast as possible,” he assured.

Notorious cybercrime group BlackCat took responsibility for the ransomware attack claiming that it had around 6TB of patient data including medical history and other details.

UnitedHealthcare and the FBI had launched an investigation into the matter.

The company, however, said that the ongoing investigation has not identified any additional affected systems within the organization which signified the progress in containment efforts.

UnitedHealthcare’s Plan to Support Affected Health Systems

As the cyberattack crippled majority of the health systems across the US affecting prescription, patient admission, and even payments to providers, UnitedHealthcare says it has rolled out an alternate plan to support its clients.

The company has advocated the use of established workarounds, including the iEDI claim submission system, to maintain operational continuity during the restoration process.

Furthermore, to address the short-term cash flow needs necessitated by the security breach, the company is launching temporary assistance programs to extend financial support to community-based providers, the statement said.

However, the stopgap funding through loans is a “funding mechanism of last resort” especially for small and regional providers, the company underscored. It also said the loan requests will be evaluated on a case-by-case basis.

However, those availing the loans free of fees, interest, or other associated costs will need to repay the amount within 30 days of standard payment operations being resumed.

Additionally, the company said it will be suspending prior authorizations and utilization reviews for select services temporarily until March 31. This will help those who are availing Medicare Advantage plans and Part D pharmacy benefits.

To support patients struggling to get medication in the absence of reimbursement services, the company said it will reimburse appropriate pharmacy claims filled in good faith. The move is aimed at providing reassurance to network pharmacy partners and associations.

$22 Million Ransom Paid in Cryptocurrency

According to multiple reports citing cybersecurity experts, $22 million was deposited in a cryptocurrency wallet associated with BlackCat. The payment was reportedly made in Bitcoins.

Both UnitedHealthcare and BlackCat have remained tight-lipped on the claims of payment of a $22 million ransom.

However, Change Healthcare has responded to media queries of several outlets saying that it is focused on the investigation and restoration of its services.