UnitedHealth Projects Cyberattack to Cost $2.45 Billion in 2024

A hacking incident earlier this year targeted the company’s Change Healthcare unit, which handles 15 billion health care transactions annually.
The UnitedHealth Group headquarters in Minneapolis, Minn., on July 12, 2019. (Jim Mone/AP Photo)
Naveen Athrappully

Health insurance firm UnitedHealth Group revised up the estimated cost of its February data breach to $2.45 billion for the year while also lowering the company’s earnings estimate for the period.

The cyberattack targeted UnitedHealth’s Change Healthcare unit. The company estimated in April that the attack would cost it $1.35 billion to $1.6 billion by the end of this year. UnitedHealth has now raised the estimate to $2.3 billion to $2.45 billion, according to a July 19 press release.

“The company has restored the majority of the affected Change Healthcare services while continuing to provide financial support to the remaining health care providers in need.”

UnitedHealth currently estimates the total full-year 2024 impact of the cyberattack at $1.90 to $2.05 per share, it said. This is up from the earlier estimate of $1.15 to $1.35 per share.

The net earnings outlook for 2024 has been lowered from a range of $17.60 to $18.20 per share to $15.95 to $16.40. The massive cyberattack is one of the reasons for lower projections.

For the first six months of 2024, UnitedHealth incurred $1.98 billion in costs due to the data breach, of which $1.1 billion fell in the three-month period between April and June.

Despite the high costs of the hacking incident, UnitedHealth reported positive results for the second quarter of 2024, with revenues jumping by almost $6 billion to $98.9 billion. The company’s earnings from operations fell from $8.1 billion to $7.9 billion, including the $1.1 billion cyberattack adjustment.

The data breach, however, hasn’t had much of an impact on UnitedHealth’s stock. As of the close of trading on Wednesday, the firm’s shares were up by more than 6 percent so far this year.

An investigation of the February breach found that the attack may have compromised certain personally identifiable information and protected health details. However, UnitedHealth has not found evidence that data like doctors’ charts or full medical histories were compromised.

The firm did not state the exact number of people affected by the cyberattack, but estimated the incident could have impacted “a substantial proportion of people in America.”

Change Healthcare is a clearinghouse for medical insurance claims and payments in the United States. The company says it completes 15 billion health care transactions annually, with one in three U.S. patient records passing through its system.

Impact of the Hack

The Change Healthcare cyberattack triggered widespread concerns in the medical field given its prominent role in processing insurance claims.

In the days following the attack, Change Healthcare’s services were disrupted and it became “harder for many hospitals and doctors to provide patient care, fill prescriptions, submit insurance claims, and receive payment for the essential healthcare services they provide,” according to a March 6 post by the American Hospital Association (AHA).

“Some hospitals and other care providers are experiencing extraordinary reductions in cash flow, threatening their ability to make payroll and to acquire the medical supplies needed to provide care,” it said at the time.

The AHA wrote a letter to lawmakers, seeking urgent support to minimize the fallout from the cyberattack. The organization wanted Health and Human Services (HHS) to direct Medicare Administrative Contractors to expedite hospital requests for advanced Medicare payments.

In May, the House Oversight and Investigations Subcommittee held a hearing on the incident. UnitedHealth CEO Sir Andrew Witty told lawmakers that the breach occurred because UnitedHealth wasn’t using multifactor authentication (MFA) to secure its networks.

“We’re continuing to investigate as to exactly why MFA was not on that particular service. It clearly was not,” he said. “Change Healthcare was a relatively older company with older technologies, which we had been working to upgrade since the acquisition. For some reason, which we continue to investigate, this particular server did not have MFA on it.”

When pressured for a response on the number of impacted individuals, the CEO estimated that one-third of Americans could have had their sensitive health information leaked to the dark web. Mr. Witty also revealed that the company paid the hackers $22 million in Bitcoin as ransom.