UnitedHealth sued by pharmacists, providers hurt by Change Healthcare hack

UnitedHealth Group and its subsidiaries, Optum and Change Healthcare, are facing a lawsuit filed by a large pharmacy group and dozens of providers who argue they are facing ongoing and undue financial disruptions.

The National Community Pharmacists Association—a trade group representing 19,000 members—and nearly 40 provider organizations argue UnitedHealth, et al., failed to ensure adequate security over patient and payer data, resulting in the February ransomware attack on Change Healthcare. 

During the outage, the Centers for Medicare and Medicaid Services (CMS) deployed a system for emergency reimbursement. However, the plaintiffs argue the extended, months-long outage has left them struggling to receive full payment for care delivered, as Change Healthcare processes a massive number of claims. 

The lawsuit is seeking class-action status, with pharmacists and providers saying reimbursement is still not at pre-cyberattack levels, leaving their businesses struggling with revenue generation. Specifically, the plaintiffs claim they are still having difficulty submitting bills, verifying the insurance of patients and ultimately receiving payments. 

The problem is worse for small and medium-sized provider groups, the court filing claims.

Further, the lawsuit laments a lack of communication from Change Healthcare regarding the current status of recovery. Providers pleaded with UnitedHealth and the government for months to provide adequate guidance on the status of HIPAA-required patient notifications

In June, Change Healthcare and its parent company, UnitedHealth, acknowledged that personal medical data had been exposed to hackers during the breach. They began notifying providers whose patients were affected, with patient notifications following in July.

Patient data was put up for sale on the darkweb in April. At that time, UnitedHealth said it was still investigating the full impact of the breach. Hackers were ultimately able to gain access to Change Healthcare because a server lacked multifactor authentication, UnitedHealth CEO Andrew Witty confirmed during a hearing with Congress in May.

Other hospitals and provider groups have already filed separate lawsuits against UnitedHealth, et al. It is not clear how those will be affected by this new lawsuit, which was filed July 19. 

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country. 

If passed, this bill would help clinician-led clinical registries explore Medicare data for research purposes. The Society of Thoracic Surgeons and American College of Cardiology both shared public support for the bipartisan legislation. 

Cardiologists and other physicians may soon need to provide much more information when ordering remote patient monitoring for Medicare patients.

Trimed Popup
Trimed Popup