UnitedHealth cyberattack "one of the most stressful things we've gone through," doctor says

Exton, Pennsylvania — The ransomware attack last month on Change Healthcare, a subsidiary of UnitedHealth Group, has turned into a national crisis. For doctors like Christine Meyer of Exton, Pennsylvania, it has become a personal nightmare.

"It's been one of the most stressful things we've gone through as a practice, and that's saying something given that we survived COVID," Meyer told CBS News.  "…To find ourselves suddenly, you know, looking at our home and its value, and can we afford to put it up to pay our employees, is a terrible feeling."

The Feb. 21 hack targeting Change Healthcare forced the nation's largest medical payment system offline. More than three weeks later, it is still leaving hospitals, pharmacies and medical practices in a cash crunch.

"We cannot submit a single insurance claim, and we can't get any patient payments," Meyer said. "This is a problem."

On an average weekday prior to the cyberattack, Meyer said her practice would get anywhere from $20,000 to $50,000 in deposits.

In contrast, however, she disclosed her practice Tuesday received only $77 in deposits. She said it will take months for it to recover from the impact of the ransomware attack.

In an interview with CBS News Wednesday, Health and Human Services Secretary Xavier Becerra disclosed that, in a White House meeting Tuesday, he urged UnitedHealth Group CEO Andrew Witty to front hospitals and doctors more emergency funds.

"We will not continue to work with a clearinghouse exchange operation if it can't provide the payment for the services that our patients need," Becerra told CBS News.

A Russian-speaking ransomware group known as Blackcat has claimed responsibility for the attack, alleging it stole more than six terabytes of data, including "sensitive" medical records.

Becerra stressed that "there will be an investigation that occurs" into the attack and that "we will get to the bottom of this."

Meyer explained that it's not just a payroll problem, but a patient problem, potentially landing patients in emergency rooms.

"I'm most worried about having to reduce our hours," Meyer said. "Our patients that can't come here for their routine things, their sore throats, their cough, their blood pressure checks, where are they going to go?"

According to Becerra, U.S. healthcare companies need to secure their systems against the possibility that another such ransomware attack could create a similar situation.

"Everyone should be asking themselves, what's the answer to the question: What do I need to do to make sure I'm not the next target," Becerra said. "And what do I need to do to make sure that if I am a target, I don't bring a whole bunch of folks down with me over that cliff?"  

In a statement on its website, the UnitedHealth Group says that "Change Healthcare has experienced a cybersecurity issue, and we have multiple workarounds to ensure provider claims are addressed and people have access to the medications and care they need."

In:
• UnitedHealth Group
• Cyberattack
• Ransomware

Nicole Sganga

CBS News reporter covering homeland security and justice.

Twitter