Attorney General Bonta Urges UnitedHealth Group to Help Patients and Providers Impacted by Change Healthcare Cyberattack

OAKLAND - California Attorney General Rob Bonta today joined a bipartisan, multistate coalition of 22 attorneys general in sending a letter to UnitedHealth Group, Inc. - the nation's largest health insurer as well as physician group, and the parent company of Change Healthcare - urging them to take action to better protect providers, pharmacies, and patients impacted by the catastrophic outage of Change Healthcare.

On February 21, 2024, Change Healthcare experienced a cyberattack by ALPHV/Blackcat, which crippled its platform. In the intervening weeks, providers, pharmacies, and facilities have reported catastrophic disruptions to care infrastructure, inability to verify coverage or obtain prior authorization, and inability to process claims or obtain reimbursements. Patients report delayed or denied access to prescription drugs, and scheduling appointments or procedures. The Change Healthcare outage profoundly disrupted patient care and has put some providers on the precipice of financial ruin.

"From disrupting operations of hospitals and medical facilities to significant delays in patient care, cyberattacks on our healthcare infrastructure leads to significant harm to our patients," said Attorney General Bonta. "Change Healthcare's recent cyberattack laid out these vulnerabilities, and the full impact of the incident remains to be seen today. That's why today, alongside attorneys general across this country, I am urging UnitedHealth Group to take comprehensive and immediate action to support patients and others who have been affected."

In the letter, the general call upon UnitedHealth Group to act swiftly to limit the harm to the states' care providers and patients. Specifically, for example, they ask UnitedHealth Group to take the following steps:

• Enhance and expand financial assistance, free of onerous terms, to all affected providers, facilities, and pharmacies.
• Ensure your financial assistance programs are not providing more advantageous financial assistance to providers, practices, or facilities that are owned by UnitedHealth Group.
• Shield the business information of providers and pharmacies from United's other corporate lines of business.
• Suspend requirements for prior authorizations, contemporaneous notifications of change of status, and other documentation requirements.
• Provide a dedicated help line for providers, facilities, and pharmacies.
• Provide a dedicated complaint resolution mechanism for state attorneys general and relevant state agencies.
• Proactively inform providers, facilities, pharmacies, and industry groups associated with each, of the steps they can take to preserve claims and receive prompt reimbursement.
• Expeditiously resolve the claims backlog and ensure prompt reimbursement of claims.
• Ensure providers, facilities, pharmacies, regulators, affected patients, and the public are informed of what data was compromised and what steps, if any, are needed for providers and patients to mitigate future identity theft or systems risks.

Attorney General Bonta is joined by the attorneys general of Arizona, Connecticut, District of Columbia, Hawaii, Maine, Massachusetts, Michigan, Minnesota, Mississippi, Nebraska, Nevada, New Hampshire, New York, North Carolina, Oregon, Pennsylvania, Rhode Island, South Dakota, Utah, Vermont, and Washington in sending this letter.

A copy of the letter can be found here.