AMA Update on Change Healthcare Cyberattack

UnitedHealth Group (UHG) issued a press release on Monday, April 22, with more information about the Change Healthcare cyberattack and the impact of the breach on personal data. UnitedHealth Group officials have agreed to address any additional questions. Please review the press release and send any questions you may have to [email protected].

UHG’s press release stated that its preliminary findings from the ongoing investigation and review of the data involved in the cyberattack consist of the following:

  1. Based on sampling of their data, files containing protected health information (PHI) or personally identifiable information (PII) were involved in the breach.
  2. This information could cover a substantial proportion of people in America.
  3. UHG has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data involved in the breach.
  4. It continues to monitor the internet and dark web to determine if data has been published.
  5. There were 22 screenshots, allegedly from exfiltrated files, some containing PHI and PII, posted for about a week on the dark web by a malicious threat actor.
  6. UHG offered to make notifications and undertake related administrative requirements on behalf of any provider or customer to help ease the reporting obligations on other stakeholders whose data may have been compromised.

UHG also posted about the “strong progress” that Change Healthcare is making to restore services, but we know that many practices are still facing major financial and administrative challenges due to the cyberattack. The AMA has developed another brief survey to gather up-to-date information on the impact of the breach on physicians and practices to inform our policy discussions with UnitedHealth Group, the Biden administration, and Congress. Survey responses are due Wednesday, April 24.

As UHG’s investigation proceeds to determine the scope and extent of the compromised information and the impacted customers and individuals, it created a dedicated website (changecybersupport.com) and call center (866.262.5342) to provide more information and resources, including free credit monitoring and identity theft protections for two years to anyone impacted. UHG expects more information and announcements to be forthcoming as its investigation continues, including an official notification of a breach.

For more information on UHG’s funding assistance program, please visit Temporary Funding Assistance for Providers. The CMS Change Healthcare/Optum Payment Disruption (CHOPD) program is available online. The AMA will continue to raise issues of concern to UHG, CMS, state regulators, and other payers. Additional information from the AMA is also available on our Change Healthcare cyber outage webpage.