New Vocabularies

UnitedHealth Grapples With Communications During Hack Crisis

by ciao00 2024. 4. 5.
  • its communication in those early stages as not helpful to nonexistent. 
  • practitioner
  • revenue shortfall
  • upbeat public statements
  • before things had gone awry
  • The American Hospital Association has expressed displeasure with UnitedHealth's response to the hack.
  • embattled providers

WSJ PRO

 


Some medical providers say they have been ignored, others pressured to make positive statements

April 3, 2024 2:55 pm ET | WSJ PRO


UnitedHealth Group’s campus in Minnetonka, Minn. PHOTO: JIM MONE/ASSOCIATED PRESS
 
UnitedHealth Group’s communications moves during the hack of its Change Healthcare unit show the difficulty of balancing regulatory obligations, informing customers and handling sensitive information during a rapidly changing cyber incident.

Change Healthcare, a technology middleman in transactions between medical providers and insurers, disconnected more than 100 systems after a ransomware attack on Feb. 21. As the largest U.S. clearinghouse for medical claims, processing around 15 billion transactions a year, the sudden outage left many medical providers across the U.S. unable to bill insurance providers. 

The day after the hack, UnitedHealth filed a regulatory disclosure with the U.S. Securities and Exchange Commission blaming a nation-state actor and pointing to a technical support website providing slim updates about downed services. Less than a week later, the company followed up with a second filing, this time blaming the ALPHV ransomware gang.

In the following days, Optum, the subsidiary through which UnitedHealth owns Change Healthcare, posted more than 60 updates on the technical support website saying the company was responding to a cyberattack, but little else. 

By early March, UnitedHealth had launched a more detailed and regularly updated site that listed timelines for when it expected to restore various services. Cyber chiefs from major healthcare networks were invited to conference calls with UnitedHealth, the company said, but smaller medical providers describe its communication in those early stages as not helpful to nonexistent.

“We haven’t had any communications from United to us as providers or practice owners about what’s happening. We’re getting it from the news,” said Linda Zaffram, the founder and chief executive of Midlothian, Va.-based therapy clinic Healing Circle Counseling.

Eric Hausman, a spokesman for UnitedHealth, said the company has “moved swiftly and transparently to communicate with those impacted by this attack in the shortest time possible.” 

The conference calls have been expanded to medical professionals, customers and others, Hausman said, adding, “The calls have been attended by thousands of people who had an opportunity to ask our leaders questions.”

UnitedHealth’s unusual move to contact individual practitioners named in local or national news stories about the cyberattack has backfired in some cases. Hausman said it was an effort to spread the word about its relief funds programs. The company has issued $4.4 billion in loans, he told The Wall Street Journal.

Yet some who have taken loans from the company to help with ongoing revenue shortfalls say they have felt pressured by UnitedHealth to make upbeat public statements about the support.

At the very beginning, though, some providers say they had no official information.

 

Randy Yates, chief information security officer at Houston’s Memorial Hermann Health System, reached out to fellow security chiefs at other health organizations for intelligence. When he learned that Change had been hacked, he and his team disconnected Memorial Hermann from all Change systems, he said.

Franciscan Health, which runs 13 hospitals and dozens of other facilities across Indiana and Illinois, didn’t wait for official word from UnitedHealth that things had gone awry.

“We started to hear whispers among friends about outages,” said Jay Bhat, administrative director of information security. The healthcare network disconnected all interfaces to Change and set up alternatives for key functions, such as claims-processing, retail pharmacy and printing, he said.

“Our teams were really dying for information about what was going on and how long things were going to be down,” he added.

On March 1, UnitedHealth launched a website with more details on when it expected to restore key Change services, which it has continued to refresh with new information. It has received 500,000 unique visitors to date, Hausman said. 

The company has restored some services, including pharmacy systems and its claims platform, and this week expects to bring back software that integrates prescriptions into electronic health records, and payer connectivity services. But it has a ways to go.

“Change did themselves a good service in communications to build out that website for daily updates,” Yates said. “There are pages and pages of services with a red ‘X’ or green check. You will see a lot more red things than green things, but at least we know.”

 

The U.S. government continues to push UnitedHealth for more information. Anne Neuberger, deputy national security adviser for cyber and emerging tech, has pressed the company “to be public and more clear, and more specific about restoration timelines,” Biden administration officials said. A number of lawmakers say they have also been in direct contact with UnitedHealth’s leadership about the crisis, including Sen. Maggie Hassan (D., N.H.).

The American Hospital Association and other healthcare lobby groups have expressed displeasure with UnitedHealth’s response to the hack. The AHA said the terms of the company’s initial loan programs for embattled providers were unacceptable.

Communicating with customers, the media, employees and regulators during cyberattacks can be overwhelming, said Meredith Griffanti, senior managing director and global head of cybersecurity and data privacy communications at 

 

Griffanti, who worked on crisis communications for credit bureau Equifax during a 2017 data breach, and Colonial Pipeline after it was attacked with ransomware in May 2021, said companies have to balance the pressure to provide updates while also giving out substantive information.

“The content of your updates needs to be meaningful,” she said. “People get frustrated when you’re saying something just to simply provide an update.”

 

Dr. Margaret-Mary Wilson, UnitedHealth’s chief medical officer, said during a recent briefing with California medical providers that the company had sent hundreds of thousands of emails about its assistance programs, and made thousands of calls.

Some providers received low offers at first, and only gained substantial help after speaking publicly on their situation, they said.

Christine Meyer, a doctor who owns a primary-care practice that employs 85 clinicians and staff in Exton, Pa., said she received a personal call from Optum’s chief operating officer, Cory Gundberg, to help organize a loan for her practice the day after appearing on an episode of a Wall Street Journal podcast on March 14.

Emily Benson, a therapist from Edina, Minn., said she started to get help after she was featured in a March 15 article about the outage in the Minneapolis Star Tribune.

“As soon as that article broke, all of a sudden I got a call from United, and my phone started blowing up,” she said.

Then she began receiving emails and phone messages from Optum’s communications department. The voice mails, some of which have been reviewed by the Journal, asked her to make statements on social media or talk to journalists about the help she has received from the company. 

Benson said she is angry and stressed by the requests. “You want me to sing your praises? I don’t think so,” she said.

Hausman, the UnitedHealth spokesman, acknowledged the outreach.

“In a small number of cases, we asked providers who received funds if they would be willing to help alert other providers of available funding. Our goal has always been to help get the word out to as many providers as possible,” he said.

 

Write to James Rundle at james.rundle@wsj.com and Kim S. Nash at kim.nash@wsj.com