The Impact of Change Health and UnitedHealth Group Cyberattack

Original Publishing Date:
March 12, 2024
Last Update:
March 12, 2024

Note: If you are only interested in the ways this impacts services provided by Chicago Counseling and Virtual Therapy Clinic please scroll down to the section titled “How does this affect patients and clients receiving care at Chicago Counseling and Virtual Therapy Clinic?”

What happened in the Change Health Cyberattack?

Change Healthcare, a division of UnitedHealth Group and a key player processing 15 billion healthcare transactions yearly, recently succumbed to a ransomware attack. This cyber assault targeted the largest healthcare payment system in the United States, causing significant disruptions across the healthcare industry.

Ransomware, a malicious software designed to block access to a computer system until a sum of money is paid, was the weapon of choice in this attack. Perpetrated by a cybercrime threat actor self-identifying as ALPHV/Blackcat, the attack not only impacted UnitedHealth's operations but also rippled outwards to affect several other major players in the healthcare ecosystem, including CVS Health, Walgreens, AthenaHealth, GoodRX, and many more. The attack reached family-owned and military pharmacies, as well as many smaller healthcare providers.

Change Health, a part of United's health services unit Optum, prompted many hospitals, pharmacies, and physician offices using its payment network to disconnect from Optum and some UnitedHealth systems as a precautionary measure.

The goal of ransomware attacks, such as the one faced by UnitedHealth's Change Healthcare division, is typically financial gain. By holding critical systems hostage, hackers aim to extort money from the affected entities, often disrupting services and causing chaos in the process.

What are the consequences of the Change Health and UnitedHealth Group Cyberattack?

The fallout from the attack has been profound, revealing the vulnerability of the healthcare industry to such cyber threats. The lack of robust regulations governing insurance companies and healthcare giants has exacerbated the situation. With one attack, entire networks can be crippled, endangering healthcare providers and hindering patient access to essential services.

In response to the crisis, UnitedHealth Group's Optum division launched a Temporary Funding Assistance Program aimed at helping affected providers bridge short-term cash flow gaps. However, this effort has been met with criticism from entities like the American Hospital Association (AHA), which deemed the program insufficient to address the payment problems stemming from the attack.

Additionally, the U.S. Department of Health and Human Services has announced flexibilities for hospitals impacted by the attack, though these measures have also faced scrutiny for not constituting an adequate response to the crisis.

Smaller providers, particularly physician groups, mental health practices, and federally qualified health centers, are facing existential threats. Safety net providers, responsible for the care of vulnerable patients, may struggle to meet payroll and could face closure. The financial strain goes beyond awaiting owed funds, as providers have incurred substantial expenses implementing manual workarounds. Additionally, once payments resume, potential errors in paperwork and lack of prior authorizations may impede the actual payout.

Amidst the chaos caused by the ransomware attack, patients have borne the brunt of the disruption. Delays in accessing medications, treatments, and healthcare services have created significant challenges for individuals seeking care. Many have had to pay cash upfront for prescriptions and services and hope for reimbursement later, some without the ability to pay cash have had to go without.

While incidents like these are concerning, it's essential to reassure our clients that their access to our services will remain unaffected due to our robust systems and protocols in place.

How does insurance billing work, and why is this attack so impactful?

Insurance billing is a complicated process and is impacted by whether the provider is considered in-network or out-of-network. Due to the insurance mandate of “medical necessity” the word patient will be used in describing our work with clients.

In-network insurance is billed only after a patient consumes a service. Modern billing process involves an electronic claim being sent to a clearinghouse that must meet certain criteria, ie. exact name of insured, date of birth, etc. After it is “cleared” they send it onto the insurance company. The insurance company conducts due diligence by establishing medical necessity, ensuring the policy holder has a current plan, and determines the plan’s benefits. The insurance company either accepts the claim or rejects the claim. If it is rejected, communication is sent to both the provider and the policyholder, usually the patient/client and means the patient must pay the cash rate for the service they consumed. If the claim is accepted, the insurance company determines the coverage based on their contracted rates and the individual policy holder’s plan benefits. It is then separately returned to the provider and the patient.

This is why all verifications are considered estimates until all claims are returned, because there are many factors in the insurance company’s determination that are out of the control of the provider and the verification process. This is also why there can be delays between out of pocket estimates, the time the patient consumes the service, and the final billed amounts from the provider. The insurance system unfortunately leads to general complications and frustrations, which was highlighted by the recent cyberattack fall out.

For more information on the insurance billing process please see our Medical Insurance FAQ

Learn more

The cyberattack was specifically on a large clearinghouse that is utilized by thousands of providers and insurance companies, which stopped the ability to bill for all medical services in their tracks. This impacts patients ability to use their benefits and providers ability to be paid for the services rendered.

How does this affect patients and clients receiving care at Chicago Counseling and Virtual Therapy Clinic?

The effects of this Change Healthcare cyberattack may impact our clients who are receiving medical care and billing their insurance at other hospitals or clinics. It may impact the billing of many medical services including recent hospital visits or prescription refills.

While incidents like these are concerning, it's essential to reassure our clients that as far as we have been able to determine so far, access to our services will remain unaffected due to the robust systems and protocols in place.

Chicago Counseling and Virtual Therapy Clinic use an alternative clearinghouse to the one affected by the cyberattack. We have since determined additional alternatives for a clearinghouse and billing processes should there be a more widespread impact across additional clearinghouses or insurance companies. We remain hopeful that current billing processes and procedures will not experience delays or problems.

If you have any questions or concerns regarding the recent UnitedHealth Group Cyper attack please contact us!

More articles in this series

No items found.
Rachael Miller, MA, LCPC, NCC, EAC, EMDR-C

Rachael is a Board Certified, Licensed Clinical Therapist and the owner of Chicago Counseling. She is known for her work both nationally and globally for creating dozens of innovative community programs, education seminars, and intervention optimization projects.

See Full Profile
Chat with us
No matter where you are at in life, our therapists are here to help you. Get started with Virtual Therapy Clinic.
Get Started