Minneapolis therapy clinic sues over cyberattack at UnitedHealth subsidiary

Class action lawsuit is one of about two dozen filed thus far. Minnetonka-based company says it is restoring Change Healthcare systems that were sidelined to contain the threat.

The Minnesota Star Tribune
April 11, 2024 at 5:11PM
Earlier this month, UnitedHealth Group said 24 class action lawsuits related to the disruption caused by a cyberattack had been filed between March 1 and April 2. (Provided by UnitedHealth Group/guest)

A Minneapolis clinic is the latest to sue a UnitedHealth Group subsidiary over the fallout from its February cyberattack.

Twin Cities Counseling says it hasn’t been able to submit payment claims for more than 100 appointments — resulting in thousands of dollars in missing reimbursements — since UnitedHealth Group took down the claims processing system at its Change Healthcare division to contain the IT threat.

Because of the billing mess, Twin Cities Counseling couldn’t cover its payroll in March, the lawsuit says. Additionally, recently hired therapy providers at the clinic haven’t been able to transition their patients to the practice.

The complaint, which was filed Wednesday as a class action lawsuit in the U.S. District Court for Minnesota, says the Change Healthcare outage has meant that many health care providers across the country have lost their primary, and in some cases their only, system for obtaining payments from health insurers.

“Twin Cities Counseling LLC can no longer verify prospective clients’ insurance benefits,” states the lawsuit, which only names Change Healthcare as a defendant. “Without access to the Change platform, plaintiff has no way of knowing if a referrals’s insurance is active, what the plan’s copayment and deductible amounts are, or even whether the clinic’s providers are in network for the plan.

“This lack of information has forced plaintiff to choose between taking on patients blindly — with the risk of either foregoing future payment or strapping the patient with the bill — or declining referrals and appointment requests to avoid that risk,” according to the complaint. “Plaintiff has chosen the latter option out of an abundance of caution, and thus has lost valuable new business due to the data breach.”

Responding to the lawsuit, Minnetonka-based UnitedHealth Group said Thursday in a statement: “We are focused on the investigation and recovery of Change Healthcare’s operations.”

Earlier this month, the company asked that lawsuits related to the cyberattack be consolidated at a federal court in Nashville, where Change Healthcare is based. At the time, UnitedHealth Group said 24 class action lawsuits related to the disruption had been filed between March 1 and April 2.

“Change took prompt action to contain the incident, and defendants have invested extraordinary efforts to avoid harmful effects to individuals, providers and payers as a result of the incident,” the company said in a court filing earlier this month. “Numerous Change systems are back online, and others will be restored in the coming days and weeks.”

After disclosing the cyberattack in late February, UnitedHealth Group was hit in early March by federal class action lawsuits filed in Minnesota by patients struggling to obtain medications at pharmacies because of the IT system shutdown.

Lawsuits claim that Change Healthcare is responsible because it failed to implement reasonable security procedures to prevent the cyberattack.

Mental health providers have been among those most vocal in Minnesota talking about disruptions to their businesses because several clinics used an electronic health record called TherapyNotes that relied heavily on the data clearinghouse at Change Healthcare.

Twin Cities Counseling uses TherapyNotes, as well, the lawsuit says. The practice and owner Nick Ross have not received payments for services provided since the cyberattack, according to the complaint, and 16 claims that were in process at the time, totaling just over $3,500, are now “in limbo.”

“Plaintiff cannot submit them to a new clearinghouse, as doing so would risk double-billing insurers, yet Change cannot process the claims,” the complaint states. “As a result of these claims being submitted but not paid, they appear on patient’s account portals as outstanding payments.

“After one patient paid the full balance shown in her account, Mr. Ross spent time and effort issuing the patient a full refund, and explaining to other patients that they do not need to pay these balances even though they appear on their accounts.”

In February, the practice hired two additional providers who collectively see nearly 40 patients per week. But because they can’t bill for clients through the new practice, “they have continued to see their clients through other service providers, causing Twin Cities Counseling LLC to lose revenue.”

TherapyNotes is in the process of switching to a new clearinghouse, the lawsuit says. That means the clinic will need to spend time learning and implementing the new system and re-enrolling with payers while not receiving payment.

“Plaintiff has struggled to keep its accounting practices intact in light of Change’s failures,” the lawsuit says. “Plaintiff is unable to assign payments to specific clients, track client personal balances in real time ... [and] fears tax ramifications because of the accounting difficulties that would not have resulted but for the data breach.”

Star Tribune staff writer Mike Hughlett contributed to this story.

about the writer

about the writer

Christopher Snowbeck

Reporter

Christopher Snowbeck covers health insurers, including Minnetonka-based UnitedHealth Group, and the business of running hospitals and clinics. 

See More