Connecticut Attorney General William Tong has joined a multi-state coalition of 22 attorneys general urging United Health Care Inc. to take more proactive action to protect healthcare providers, pharmacies, and patients who were harmed in the recent cyber attack on their subsidiary, Change Healthcare.
On Feb. 1, Change Healthcare was attacked by the Russian cyber gang ALPHV/Blackcat, who crippled the company’s computer platform for a week, impacting tens of thousands of healthcare providers and insurers across the country.
In Connecticut, the complete impact of the hackers’ attack is hard to quantify. But according to figures from the state’s insurance department, the attack appears to have impacted the data – or access to the data – of nearly 1.7 million people with either an HMO or an Indemnity Health Insurance plan. Further, the outage would have impacted many if not all of the state’s 9,220 primary care physicians, 2,600 physician’s assistants, 72 hospital/primary care facilities, and about 600 retail and independent pharmacies, all of whom reportedly rely upon Change Healthcare’s systems.
Pharmacies across the state and the nation reported being unable to process claims or obtain reimbursement for services, and patients reported delays or were denied access to essential prescription drugs and the ability to schedule appointments with their health providers.
Change Healthcare runs the nation’s biggest healthcare clearinghouse and was acquired in 2022 by United Health Group.
In a statement AG Tong said:
“The consequences of the Change Healthcare cyberattack have been nothing short of catastrophic for healthcare providers in Connecticut and nationwide. The response from Change and UnitedHealth Group has been inadequate. I join attorneys general nationwide in calling on Change and UnitedHealth Group to take immediate, aggressive action to protect our critical healthcare infrastructure and aid impacted providers.”
In the letter to United Health Group, the 22 AGs have called for immediate and enhanced financial assistance to all affected providers and pharmacies.
To ensure that financial help is advantageous to all who use their systems and most importantly to inform everyone which datasets were compromised and what steps are needed for providers and patients to mitigate future identity theft.
United Health Group recently reported revenues of $99.8 billion, up almost $8 billion over the same period the previous year.
The company confirmed that it has paid a ransom to the hackers in an effort to mitigate ongoing problems.
Multiple media reports suggest that the ransom figure was around $22 million in the form of Bitcoin, that figure has not been confirmed by United Health Group.
In a recent statement, United Health Group said it could take several months to completely resolve the problems.
Day Kimball Healthcare, based in Putnam, is one of the affected smaller healthcare providers in the state.
Day Kimball CEO Kyle Kramer said the impact of the attack has been significant.
“The level of business interruption that transpired as a result of the cyberattack on Change Healthcare has had deep repercussions,” Kramer said. “While larger, urban institutions may have been able to ride the wave of cash flow interruption, small organizations like Day Kimball do not have the cash reserves to cushion such an interruption for long periods of time. We did work quickly with the rest of our payors to establish processes for advances, but it was definitely the case that we were in a bit of a scramble.”
And Greg McKenna, chairman of a small network of independent pharmacies based in Middlesex and New London counties, said he could almost find humor in the situation “if it wasn’t such a tragic example of the behavior that has existed with all the PBM’s (pharmacy benefit managers) and their respective insurance company owners in total.”
He said that Optum (the PBM for United Health Care), Express Scripts (PBM for Cigna), and Caremark (PBM for Aetna/CVS), “are supposed to provide mechanisms to increase the quality and delivery of healthcare, as well as monitor the cost to actually decrease cost, not increase it. This flagrant disregard for the financial impact on their clients is abhorrent. The PBM’s knew which people and which prescriptions were affected. They see every claim.”
A spokesperson for United Health Group said the company was aware of the letter sent from the Attorneys General.
“Since day one, we have prioritized patient access to care, and providing resources and support to concerned individuals, providers, and customers,” United Health Group’s spokesperson said. “We continue to offer financial assistance to those providers who need it and encourage them to contact us.”
