News

NYSAG Joins Coalition Urging Change Healthcare to Help Providers and Patients Harmed by Cyberattack

Apr 29, 2024

Per the notice below, the New York State Attorney General (NYSAG) has joined a multistate coalition urging Change Healthcare to help patients and health care providers harmed by the cyberattack that Change Healthcare suffered.

Attorney General James Urges UnitedHealth Group to Help Patients and Providers Harmed by Cyberattack

Cyberattack on Change Healthcare’s Systems in February Affected Millions of Patients and Providers Nationwide, Disrupting Access to Care and Payments to Health Care Facilities

New York Attorney General Letitia James joined a multistate, bipartisan coalition of 22 attorneys general in urging UnitedHealth Group, Inc. (United), the nation’s largest health insurer, to better protect patients, providers, and pharmacies harmed by the recent cyberattack on its subsidiary, Change Healthcare.  Following the cyberattack on Change Healthcare in February 2024 that disrupted health care providers’ networks, patients have reported delays in access to care, have been denied access to prescription drugs, and have had difficulty scheduling appointments or procedures.  Millions of New Yorkers have been affected by this cyberattack and providers have been unable to process insurance claims, causing financial harm for providers in New York and across the country.  Attorney General James and the bipartisan coalition are calling on United to improve transparency about the cyberattack, quickly resolve the backlog of claims, and take more steps to protect patient data.

“Patients and health care providers nationwide should not have to suffer because of UnitedHealth’s failures,” said Attorney General James.  “Scheduling a medical procedure can already be worrisome, and now the delays and disruptions caused by this cyberattack have made accessing care much harder for patients.  UnitedHealth has an obligation to protect its patients and must do more to minimize the harm of the cyberattack on its systems.  I am proud to stand with a bipartisan coalition of attorneys general in urging UnitedHealth to take action and fix this problem.”

Change Healthcare, which was acquired by United in 2022, runs the nation’s biggest electronic health care payment system.  Its technological infrastructure is used by tens of thousands of providers, pharmacies, and insurers to verify insurance, confirm pre-authorization of procedures or services, exchange insurance claims data, and perform other administrative tasks essential to the delivery of health care.  In February 2024, Change Healthcare experienced a cyberattack by a cybercriminal group called ALPHV/Blackcat, which crippled its platform.  Since the cyberattack, providers, pharmacies, and health care facilities nationwide have reported catastrophic disruptions, and have been unable to verify insurance coverage, obtain prior authorization for health care services, process claims, or obtain reimbursements for patients.  In the letter, Attorney General James and the bipartisan coalition call upon UnitedHealth Group to act quickly to limit the harm to the states’ health care providers and patients.  Specifically, the coalition asks UnitedHealth Group to take the following steps:

  • Enhance and expand financial assistance, free of onerous terms, to all affected providers, facilities, and pharmacies.
  • Ensure financial assistance programs are not providing more advantageous financial assistance to providers, practices, or facilities that are owned by UnitedHealth Group.
  • Shield the business information of providers and pharmacies from United’s other corporate lines of business.
  • Suspend requirements for prior authorizations, contemporaneous notifications of change of status, and other documentation requirements.
  • Provide a dedicated help line for providers, facilities, pharmacies, and state attorneys general.
  • Proactively inform providers, facilities, pharmacies, and industry groups associated with each, of the steps they can take to preserve claims and receive prompt reimbursement.
  • Expeditiously resolve the claims backlog and ensure prompt reimbursement of claims.
  • Ensure providers, facilities, pharmacies, regulators, affected patients, and the public are informed of what data was compromised and what steps, if any, are needed for providers and patients to mitigate future identity theft or systems risks.

Joining Attorney General James in the letter to UnitedHealth Group are the attorneys general of Arizona, California, Connecticut, Hawaii, Maine, Massachusetts, Michigan, Minnesota, Mississippi, Nebraska, Nevada, New Hampshire, North Carolina, Oregon, Pennsylvania, Rhode Island, South Dakota, Utah, Vermont, Washington, and the District of Columbia.