Literature Review

UnitedHealth posts $1.4B loss in Q1 following Change cyberattack Becker's Payer Issues, by Jakob Emerson; 4/16/24 UnitedHealth Group posted a $1.4 billion net loss in the first quarter of 2024 following the sale of its Brazil operations and the unprecedented cyberattack on its Change Healthcare subsidiary in late February. Despite the losses, the company beat investor expectations and shares rose more than 6% to above $474, the Wall Street Journal reported. ... To date, the company has provided over $6 billion in advance payments to providers.

Providers still navigating Change outage as systems are restored Modern Healthcare, by Lauren Berryman; 4/10/24 Providers are seeing some improvements following the Change Healthcare cyberattack nearly two months ago, but not necessarily because they are reconnecting to restored systems. Hospitals and medical groups are submitting claims to payers through alternate vendors, allowing them to generate cash. But the level of claims and payments moving among healthcare organizations that had heavily relied on Change Healthcare is still far from normal.

Insurers’ response to the Change breach failed providers Modern Healthcare, by Chip Kahn and Dr. Bruce Siegel; 4/8/24 ... The Feb. 21 attack on Change Healthcare, a subsidiary of UnitedHealth Group’s Optum unit, severed the electronic ties that connect patients, providers and insurance companies. The attack robbed patients of the certainty they could seek and receive care, and it robbed physicians, pharmacists and hospitals of the resources necessary for patient care. ... Overlooked in this crisis, is that insurance companies failed to act decisively and collectively to protect patients and providers. ... Here’s what should have happened immediately when the threat facing patient care became painfully obvious. 

New Federal Health IT Strategy sets sights on a heathier, more innovative, and more equitable health care experienceU.S. Department of Health and Human Services; 3/28/24The U.S. Department of Health and Human Services (HHS) through the Office of the National Coordinator for Health Information Technology (ONC), today released the draft 2024–2030 Federal Health IT Strategic Plan (the draft Plan) for public comment. The draft Plan: 

UnitedHealth urges Change customers to reconnect to restored systems Modern Healthcare, by Lauren Berryman; 3/28/24 UnitedHealth group is calling on more health insurance companies to utilize the Change Healthcare systems it has already restored and bring the healthcare system closer to normalcy. The company, which operates Change Healthcare through its Optum subsidiary, is processing claims through its restored Assurance software and has reactivated its Relay Exchange clearinghouse, for example. But UnitedHealth Group needs more insurers to reconnect, it said in a notice on its website Wednesday.

How the healthcare sector is handling cybersecurity trainingModern Healthcare, by Mari Devereaux; 3/21/24... Healthcare entities should use the Change Healthcare incident as a lesson on how to strengthen their own cybersecurity and an opportunity to have conversations about third-party risk, contingency planning and vendor backups, said John Riggi, national adviser for cybersecurity and risk at the American Hospital Association. ... Both executives and lower-level staff need to be trained on how to spot a potential social engineering attack, best practices around cyber hygiene, and how to enact downtime procedures in the event that third party services are lost for up to 30 days or longer, Riggi said.

Is cybersecurity spending too low to prevent another Change breach? Modern Healthcare, by Brock E.W. Turner; 3/19/24 On Feb. 21, Change Healthcare, which processes 15 billion transactions a year, suffered a ransomware attack that has caused ripple effects throughout the healthcare system, hampering operations and finances for hospitals, physician offices, pharmacies, insurers and patients. Cybersecurity professionals are sounding the alarm on future attacks if healthcare organizations don't start putting more financial resources into protecting their data. 

UnitedHealth hack takes toll on healthcare providers to the nation's poor Reuters, by Julie Steenhuysen; 3/20/24 The ransomware attack on UnitedHealth that has disrupted payments to U.S. doctors and healthcare facilities nationwide for a month, has taken an especially harsh toll on the community health centers that serve more than 30 million poor and uninsured patients. Many large healthcare centers have been able to resume receiving payments and making claims after the hack by using alternative technology, UnitedHealth says. ... One Texas-based association said if the situation continues through the end of this month, some members will not be able to make payroll.

Healthcare hit hardest by ransomware last year, FBI IC3 report shows HealthITSecurity, by Jill McKeon; 3/12/24 The healthcare sector suffered more ransomware attacks than any other critical infrastructure sector last year, according to complaint data examined in the Federal Bureau of Investigation’s 2023 Internet Crime Report. ... In 2023, IC3 received a record 880,418 complaints, with losses exceeding $12.5 billion. These figures signify a 10 percent increase in complaints received and a 22 percent increase in losses suffered compared to last year’s report.

Should the DOJ break up UnitedHealth Group? MedCity News, by Marissa Plescia; 3/17/24 The U.S. Department of Justice has reportedly recently launched an antitrust investigation of UnitedHealth Group, which begs the question of whether the healthcare giant should be broken up. Experts have varying opinions.

CMS Statement on continued action to respond to the cyberattack on change healthcareCMS.gov Press Release; 3/9/24 The Centers for Medicare & Medicaid Services (CMS) is continuing to monitor and assess the impact that the cyberattack on UnitedHealth Group’s subsidiary Change Healthcare has had on all provider and supplier types. Today, CMS is announcing that, in addition to considering applications for accelerated payments for Medicare Part A providers, we will also be considering applications for advance payments for Part B suppliers. 

Why healthcare cyberattacks last so long Becker's Health IT, by Giles Bruce; 3/7/24 The cyberattack on Change Healthcare that has caused disruptions across a wide swath of the industry has entered its third week. But why do these IT outages last so long? 

HHS intervenes in Change Healthcare hack Becker's Health IT, by Giles Bruce; 3/5/24HHS said March 5 it would help accelerate payments to hospitals affected by the Change Healthcare cyberattack and institute other workarounds for providers. The agency said hospitals facing cash-flow issues from the IT outage can submit accelerated payment requests, like those issued during the pandemic, to their Medicare Administrative Contractors for "individual consideration." HHS said more details would be coming from the contractors later this week.