On March 22, UnitedHealth Group published an estimated timeline for restoring some of its key products. The provided dates are projections the announcement read. Eligibility Processing is expected to be restored the week of March 25, while Clinical Exchange, the workflow enabling prescribing and ordering, is scheduled to be reinstated the following week. Risk Manager is anticipated to be restored during the week of April 8.
On Wednesday, March 20, UnitedHealth Group said that Change Healthcare’s cloud-based services for handling medical claims had been rebuilt. Reuters reported that “Amazon's cloud services for two of Change Healthcare's applications were restored from backups and cleared by their cybersecurity partners.”
Meanwhile, Steve Alder with The HIPAA Journal reported on March 20 that healthcare providers have started to file lawsuits against UnitedHealth Group, Optum Inc., and Change Healthcare. Due to the ransomware attack by the hacking group BlackCat on Feb. 21, many providers have had limited resources to cover expenses. “The severe delays in processing claims and revenue cycle services have pushed many healthcare providers close to bankruptcy,” Alder wrote.
Axios' Tina Reed reported on March 20 that a California therapy group alleged that the companies failed to maintain cybersecurity measures. “The practice is seeking restitution on behalf of a class of affected providers and an injunction ordering Change Healthcare to improve its cybersecurity practices,” Reed wrote.
A Mississippi women’s clinic filed a class action lawsuit earlier this month. Marianne Kolbasuk McGee reported for Bank Info Security on March 18 that the lawsuit alleges that Change Healthcare failed to protect its systems.
Additionally, Kolbasuk McGee reported that other complaints have been filed by individuals who alleged that their sensitive information is now in the hands of cybercriminals due to the company’s negligence.
At the same time, UnitedHealth Group has paid more than $2 billion to providers affected by the ransomware attack. “We know this has been an enormous challenge for health care providers, and we encourage any in need to contact us,” Andrew Witty, CEO of UnitedHealth Group, said in a statement.
“UnitedHealth hasn’t disclosed what kind of data was compromised in the attack, or whether it cooperated with the cyber threat actor in order to restore systems,” reported CNBC’s Ashley Capoot.
This is a developing story. Healthcare Innovation will continue to update its readers on ongoing developments.
