It’s sniffles season. People with asthma commonly suffer from allergies, too. Help your patients understand their allergic triggers with ImmunoCAP™ Specific IgE blood tests. And with this lab ordering guide, providers can browse region-specific profiles to help patients identify local allergic triggers. Learn more.
Just over a year ago, payment technology company Change Healthcare was hit by a cyberattack that impacted 190 million people, temporarily shut down pharmacies, and initiated a government probe.
In March, UnitedHealth Group (UHG), the biggest healthcare company in the US and owner of Change, doled out nearly $9 billion in loans, through a Temporary Assistance Program, to help providers get back on their feet. Last May, UHG’s CEO Andrew Witty told the Senate Finance Committee that UnitedHealth made a $22 million ransom payment to hackers.
Now, United is taking a page out of Rhianna’s book, saying it wants its money back—and it’s threatening to seize the funds if it doesn’t get them, according to reporting by the Wall Street Journal.
Payback. Witty said in the Senate Finance Committee meeting last May that the interest-free loans were meant to cover reimbursements that the providers would have received for care as they were recovering from the attack. He said United would “provide this assistance for as long as it takes to get providers claims and payments flowing at pre-incident levels.”
The Wall Street Journal reported that as of October 2024, United had been repaid $3.2 billion in these loans. But Christine Meyer, who runs an independent medical practice in Pennsylvania, told the WSJ that United gave her five days to pay back a $750,000 loan doled out in “the immediate aftermath of the Change Healthcare cyberattack.”
The doctor posted to LinkedIn, saying “Optum [a subsidiary of United] had thrown us a lifeline. Then they became a shark.”
“Of course, we signed the terms. We were desperate. But now? That same agreement is being used against us,” she wrote. “Not only can UnitedHealthcare withhold payments owed to us—they can debit funds directly from our bank accounts.”
On April 11, American Medical Association CEO Roger Connor wrote a letter to Optum asking the company to take an individualized approach to loan repayment and for flexibility on deadlines.
“Physician practices are still suffering severe financial distress as a result of the cyberattack nearly 14 months after the breach was first discovered,” the letter read. “Physicians and other medical providers did nothing wrong and were compliant with industry standards and regulations; they did not suffer any data breach of their systems but were powerless to prevent the widespread service outage caused by the failure of CHC to secure its data and keep its systems operational.”
A representative from Change gave a statement to the Minnesota Star Tribune and other outlets, including Healthcare Brew, noting that the company’s priority was to support providers in the short term, but now, over a year later, it wanted to recoup the fees, “as HHS [the US Department of Health and Human Services] itself did when it began recouping payments it provided under its own cyberattack lending program in July 2024.”
The statement also reads, “We continue to work with providers on repayment and other options, and continue to reach out to those providers that have not been responsive to previous calls or email requests for more information.”
United declined to provide its own comment.