UnitedHealth Group expects mid-March recovery for systems affected by cyberattack

UnitedHealth Group is reporting progress on restoring systems affected by a cyberattack last month that snarled pharmacies and blocked claims processing at hospitals and clinics nationwide.

The Minnetonka-based health care giant expects the systems, which are associated with its Change Healthcare subsidiary and have been out for more than two weeks, to start coming back late next week.

UnitedHealth also announced improvements to its financial relief program for cash-strapped health care providers — a program hospitals had criticized earlier this week. Clinics and hospitals have been struggling to submit claims, raising concerns over a cash crunch that could make it difficult to make payroll and cover supply costs without bridge financing.

“We are committed to providing relief for people affected by this malicious attack on the U.S. health system,” said Andrew Witty, UnitedHealth Group’s chief executive officer, in a statement Thursday.

“All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications,” Witty said. “We’re determined to make this right as fast as possible.”

Electronic prescribing for pharmacies is now fully functional with claim submission and payment transmission also available, the company said.

An electronic payment system should be available for connection beginning March 15.

UnitedHealth expects to begin testing and re-establishing connections to its claims network and software on March 18, restoring service through the week.

Health care providers welcomed the promise of improvements, but said their problems are far from solved.

“We could be fast approaching a financial cliff,” said Dr. Rahul Koranne, chief executive of the Minnesota Hospital Association, in a Friday statement. “This leaves very difficult choices for providers and patients.”

With the cyberattack, many health systems have been giving out prescriptions and care, the Hospital Association says, hoping payments will be made eventually. The trade group says hospitals are drawing on already-depleted reserves and could join providers in other states who are struggling to pay rents and buy chemotherapy drugs for patients.

The process of fully restoring the payment system will likely go on for months, bringing what the association called “unprecedented administrative and financial burden on our patients and providers.”

“This is a heart attack for the financial circulatory system that keeps health care alive, and time is a critical factor,” Koranne said.

The Feb. 21 cyberattack prompted UnitedHealth to suspend operations of the electronic data clearinghouse at Change Healthcare, which is estimated to have processed half of all U.S. medical claims, including those from pharmacies, hospitals and clinics in recent years.

The company says cybercrime threat actors gained access to certain information technology systems at the subsidiary, and the actor represented itself as ALPHV/Blackcat. The group is notorious for encrypting data to hold it hostage in order to secure massive cryptocurrency payouts.

Earlier this week, there were signs that a ransom might have been paid to an account connected with ALPHV.

In its Thursday update, UnitedHealth Group also said it was taking several steps to speed reimbursement to health care providers for services provided to seniors.

In its Medicare Advantage health plans, the company is temporarily suspending prior authorizations for most services except durable medical equipment, cosmetic procedures and certain therapies paid for under Medicare Part B. The company said it also was temporarily suspending utilization review for Medicare Advantage inpatient admissions.

“Based on our ongoing investigation, there is no indication that any other UnitedHealth Group systems have been affected by this attack,” the company said.

The impact from the systems outage has varied, depending on how heavily hospitals and clinics relied on the Change Healthcare systems.

The Minnesota Hospital Association said this week that hundreds of millions of dollars in claims for payment have been held up. Some health systems on Thursday told the Star Tribune that huge problems remain while others reported progress.

“The cyberattack at Change Healthcare initially prevented our teams from submitting claims for medical services,” Children’s Minnesota said in a statement. “We have since been able to submit claims, but payments are delayed.”

But Dr. Neil Shah of Clarus Dermatology in New Brighton said he’s seen no change so far on the claims submission front. Even if UnitedHealth can stick to its schedule for making repairs, health care providers will have gone nearly one month without access to the claims processing system.

“I don’t know how they expect hospitals and clinics to operate for a month with zero cash flow,” Shah said. “And then there’s the claims processing delay before payments are seen by providers. Plus this assumes they actually have a fix that works. I doubt there won’t be hiccups even in the best-case scenario.”

Maggie Williams, co-owner of Flourish Business Solutions in Bloomington, said she was cautiously optimistic, adding that health care providers have been anxiously awaiting a timeline for repairs. Even so, the news left many questions unanswered, said Williams, whose company handles billing for a dozen independent mental health providers.

“Will they be able to handle the volume of claims?” she asked. “Will it take longer to process the claims, resulting in continued delayed payments to providers? When will we find out what data was exfiltrated from their system?”