AG Ellison calls on UnitedHealth to provide more help in cyberattack

Attorneys general in 22 states signed a letter calling the response thus far “inadequate” and questioning if company-owned clinics have received more assistance than others.

The Minnesota Star Tribune
April 25, 2024 at 8:18PM
Attorney General Keith Ellison speaks during a press conference at the Attorney General’s Office inside the Minnesota State Capitol in St. Paul, Minn., on Tuesday, April 23, 2024. ALEX KORMANN • alex.kormann@startribune.com (Alex Kormann/The Minnesota Star Tribune)

Minnesota Attorney General Keith Ellison is pushing UnitedHealth Group to provide more help for health care providers and patients affected by the cyberattack at the company’s subsidiary, Change Healthcare.

Ellison and 21 other state attorneys general sent a letter Thursday to the Minnetonka-based health care giant outlining concerns, including allegations that UnitedHealth Group has been unfairly providing more assistance to clinics that it owns and operates.

The cyberattack response from both Change Healthcare and UnitedHealth Group has so far been inadequate, the attorneys general wrote. They said health care providers have been unable to reach staff who can provide timely information about everything from the data that has been breached to whether systems have ongoing cyber vulnerabilities.

“You must do more than you are currently to avoid imposing further harm to our states’ health care infrastructure and the patients who rely on it ...,” the attorneys general wrote in the letter to UnitedHealth Chief Executive Andrew Witty. “We are also deeply concerned by the perception that practices owned by United may be getting more immediate relief and more favorable terms from the financial assistance program.”

UnitedHealth Group said in a statement that ever since the incident surfaced, the company has prioritized patient access to care as well as providing resources and support to individuals, health care providers and customers.

“We continue to offer financial assistance to those providers who need it and encourage them to contact us,” the company said.

The February cyberattack targeted a UnitedHealth subsidiary that runs a widely used clearinghouse for electronic claims data that processed about half of all claims in the U.S. The impact has been felt at pharmacy counters, where patients initially struggled to fill prescriptions, and at hospitals and clinics, where the system for filing claims for payment from health insurers has been severely disrupted.

This week, UnitedHealth Group said a substantial proportion of Americans may have had their personal data compromised in the cyberattack and offered free credit monitoring and identity theft protection.

The company said it likely will take several months of continued analysis to identify and notify affected customers and individuals. IT services are continuing to recover, UnitedHealth Group said, with pharmacy systems back to near-normal levels and medical claims flowing at near-normal levels.

about the writer

about the writer

Christopher Snowbeck

Reporter

Christopher Snowbeck covers health insurers, including Minnetonka-based UnitedHealth Group, and the business of running hospitals and clinics. 

See More

More from Business

card image

The InPen app paves the way for the launch of the company’s “Smart MDI” system combining a smart insulin pen that tracks doses and a monitor that makes real-time glucose readings for people who make multiple daily injections.