Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security The Almighty Buck

UnitedHealth Group Paid More Than $2 Billion To Providers Following Cyberattack (cnbc.com) 26

Posted by BeauHD from the significant-disruptions dept.
An anonymous reader quotes a report from CNBC: UnitedHealth Group said Monday that it's paid out more than $2 billion to help health-care providers who have been affected by the cyberattack on subsidiary Change Healthcare. "We continue to make significant progress in restoring the services impacted by this cyberattack," UnitedHealth CEO Andrew Witty said in a press release. "We know this has been an enormous challenge for health care providers and we encourage any in need to contact us."

UnitedHealth disclosed nearly a month ago that a cyber threat actor breached part of Change Healthcare's information technology network. The fallout has wreaked havoc across the U.S. health-care system. Change Healthcare offers e-prescription software and tools for payment management, so the interruptions left many providers temporarily unable to fill medications or get reimbursed for their services by insurers. UnitedHealth, which provides care for 152 million people, said on Monday that it began releasing medical claims preparation software, which will be available to thousands of customers in the next several days. The company called it "an important step in the resumption of services."

On Friday, UnitedHealth said it restored Change Healthcare's electronic payments platform, after rebooting 99% of its pharmacy network services earlier this month. It also introduced a temporary funding assistance program to help health-care providers experiencing cash flow trouble because of the attack. UnitedHealth said the advances will not need to be repaid until claims flows return to normal. Federal agencies like the Centers for Medicare & Medicaid Services have introduced additional options to ensure that states and other stakeholders can make interim payments to providers, according to a release.
This discussion has been archived. No new comments can be posted.

UnitedHealth Group Paid More Than $2 Billion To Providers Following Cyberattack More

UnitedHealth Group Paid More Than $2 Billion To Providers Following Cyberattack

Comments Filter:

  • Maybe I'm just getting soft, but usually a few paragraphs of journalism reporting on the response of a major insurance company gets me very riled up.

    Not this time. There may be more to this story, but it sure looks like a major insurer did the right thing for everyone involved. Kudos.

    • Well they mostly made the companies almost go bankrupt by not fixing the problem so they where able to charge their customers then bought them on the cheap. So if that's the right thing to do then sure
      • I notice no posts in this topic got moderated up to more than 3 points. I put that down to PR coming in and downplaying the Boeing level incompetency that got interesting with a 'suicide'. The HOW part is still under wraps. I am snarky because root-cause has been buried, and real financial or pay bonus heat has been blunted.

    • Re: (Score:2)

      by gweihir ( 88907 )

      They really did not. They just gave money. Those affected will just get compromised again. And again. And again. What they would need to enforce in connection with that insurance is sane technological standards.

      • They really did not. They just gave money. Those affected will just get compromised again. And again. And again. What they would need to enforce in connection with that insurance is sane technological standards.

        True, dat. I wonder how the 2 billion compares to the money they would have spent with some decent security. Spending billions to save a couple million.

        • Not how capitalism works. They get so big that theyll take the whole insurance industry with them and demand bailouts from the government.

        • Re: (Score:2)

          by gweihir ( 88907 )

          Yep. Capitalists that do not understand how to invest in their own future. Short-sighted greed and stupidity at work.

          • Yep. Capitalists that do not understand how to invest in their own future. Short-sighted greed and stupidity at work.

            Greed has always fascinated me. While capitalism considers greed as harnessing a fundament of human nature, it drifts badly, as all pure 'isms do, and destroys itself if unchecked. The greediest will take over and suddenly it is oligarchy. The Laissez-faire free market implodes as soon as one or two successful businesses rise to the top. They do an instant reversal of previous belief in the free market.

            Communism becomes a dictatorship and fails because of the opposite - the command economy, the collectivi

  • UnitedHealth and every other insurance company usually sucks hairy goat balls, but for once it's nice that one of them is actually doing the right thing.
    • I'd guess that given the large number of providers this was a few hundred dollars per provider - probably not enough to keep their offices open.

  • $2B compared to how much lost?

    Prescription drugs are expensive.

  • Don't be fooled. Between some sort of direct government bail out and/or tax break the executive suite and board of directors will be completely insulated from any economic downside. Meanwhile all sorts of other people, like their workers and business partners will end up taking a hit. "Sorry, no raise for you, and unfortunately our rates will go up because shareholder value", i.e business speak for protecting the fortunes of the corrupt fools at the top.

    As for compensating the clients who actually got scre

  • A billion here, a billion there... (Score:4, Insightful)

    by bradley13 ( 1118935 ) on Friday March 22, 2024 @03:16AM (#64335543) Homepage

    Of course, they have also financed the cybercriminals, so we'll be seeing more of the same. Paying ransom should be flat-out illegal, landing the approving executive in jail. Knowingly financing criminals must be illegal, even under current law.

    What the company has not sufficiently revealed, is just how this became such a huge issue. A company of that size ought to have a solid disaster recovery plan as well as independent failover systems. Why were they not back and operating within a couple of days? Something went seriously wrong, and it would be useful for the IT community at large to know what it was.

    Not explaining leads to the assumption that it a management failure, probably refusing to provide sufficient resources for effective backup and failover systems.

    • I think the government should sue. AFAICT, it is already illegial to fund US sanctioned entities from within the US. If it is found that the entities were operating from a sanctioned state then there is a case to be made that this was an illegal action.

    • Re: (Score:2)

      by tlhIngan ( 30335 )

      And in the end, who really pays for it will be policy holders who will have their insurance payouts denied in order to recoup the money.

      The only bright spot might be that it only means one or two people more get denied their claim before it's made back.

  • Was those $2B really a bargain instead of building a secure infrastructure?

    Honest question here.

    • Re: (Score:3)

      by gtall ( 79522 )

      You aren't thinking like an CEO. $2 Billion is a one time charge to make a problem go away, i.e., the fact that companies relying upon your company are really pissed off. Paying yearly to keep up a security infrastructure is a recurring expense and hence to be avoided at all costs.

      The fact that the problem may appear year after year is beyond the scope of anything of which they must be concerned. It hasn't happened year on year, and hence is a one time, black swan event. Predicting that it might happen year

      • Re: (Score:2)

        by gweihir ( 88907 )

        That thing is that the problem will not go away. That slap-dash infrastructure (what "professional computing" looks like far too often these days), will just get compromised again. And now many potential attackers know these systems suck.

  • Any company that size has a BRP or DR plan, that has to be signed off each year. Were these objectives met is a binary yes or no, and as such no director bonuses for failure should be tolerated. The reporters never ask to see the risk management plan. Deepwater Horizon was another company with an 'anything will do' plan that was never read by anyone. Companies caught with their pants down, should be forced to select a different auditor/accountant for their annual reports as punishment.
  • Call me crazy but isn't this exactly the kind of monopoly you should be breaking up? Like no one is forced to buy an iPhone but Apple is all over the news because it's anti-competitive (again no one is forced to use an Apple product), but pharmacies are being forced to use this system and it shits the bed and you have serous distribution problems with prescriptions... but oh no Apple won't let me play in it's garden like I want to. I seriously think as a country you have to start re-evaluating which IT

  • UnitedHealth, which provides care for 152 million people.
    No, it's not doing that.
    At best it's a jobs machine for Ship B types. A worst a cynical middleman with luxury tastes between you and the actual healing of body and mind that you and your doctor are working at.

  • Welp, watch my health insurance premiums jump next year with United to pay for this...

Slashdot Top Deals

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Close