Dive Brief:
- The top Democrat on the House Committee on Oversight and Accountability is pressing UnitedHealth Group for details on the cyberattack at Change Healthcare that’s derailed the healthcare sector for more than a month.
- In a letter sent Monday to UnitedHealth CEO Andrew Witty, Rep. Jamie Raskin, D-Md., asked for details regarding what data may have been exposed, what policies or procedures were in place to prevent an attack and details about the company’s financial assistance program for providers.
- Raskin also voiced concerns that UnitedHealth is restricting federal agencies from providing help, citing a comment from a cybersecurity agency about “the lack of transparency and lack of information” from UnitedHealth and Change.
Dive Insight:
While services are now beginning to come back online after the cyberattack in late February, with Change’s largest claims clearinghouses set to be restored over the weekend, providers say the long recovery has strained their finances and limited key tasks like prior authorization requests and patient eligibility checks.
A survey conducted by the American Hospital Association found 94% of respondents reported financial impact due to the cyberattack, with more than half experiencing “significant or serious” effects.
The letter from Raskin, which gives UnitedHealth an April 8 deadline for a response, cited pharmacy challenges too, including prescription delays at the military healthcare program Tricare. UnitedHealth said earlier this month its pharmacy network services had mostly been restored.
“Your company’s efforts to disconnect Change Healthcare’s systems in response to the February 2024 cyberattack appears to have disrupted patients’ timely access to affordable medication and interrupted crucial elements of our health care system,” Raskin wrote.
UnitedHealth’s growing presence in healthcare was featured in the letter too. Raskin said the company’s “rapid consolidation and vertical integration” has had “significant consequences” for the sector, including increased control of the health IT market with its Change subsidiary.
The insurer acquired the technology firm in 2022, after defeating a challenge from the Department of Justice that sought to block the deal. The DOJ had said the purchase would allow the healthcare giant to access data from billions of claims, including its insurer competitors.
In a statement, a UnitedHealth spokesperson said the company was prioritizing patient access to care, the restoration of its systems, data protection and raising awareness of its provider relief program.
“We are also committed to working with Congress and industry leaders to address cybersecurity to ensure the protection and resiliency of our health care system,” the spokesperson said.
Editor's note: This story has been updated with comment from UnitedHealth Group.