At least 39 healthcare providers and the National Community Pharmacists Association (NCPA) are suing UnitedHealth Group over the Change Healthcare hack, claiming they have not financially recovered from the ransomware attack that took place in February. UnitedHealth Group’s CEO in an earnings call said the company was “a little over-optimistic” about how quickly business would return to normal. The company’s IT systems are mostly restored, but the company is still catching up on the claims backlog, officials say. The plaintiffs in the suit, led by NCPA, are mostly small and mid-sized providers across 22 states. They claim that Change Healthcare failed to have reasonable cybersecurity safeguards in place that could have prevented the attack, which ultimately crippled large segments of the healthcare industry, leaving providers unable to submit claims and receive payments. They say that even now, many of them have not received reimbursement owed them from insurers for patient services because of the Change system outage, and they’ve incurred costs from temporary workarounds. The plaintiffs are asking for an unspecified amount in damages as well as injunctive relief.
Recent federal moves on cybersecurity: For its part, the Department of Health and Human Services is working on an overhaul of its tech offices to align healthcare security practices and address artificial intelligence in healthcare settings, no doubt in response to the far-reaching effects of the Change Healthcare hack and other smaller but significant tech disruptions across the industry this year.