UnitedHealth CEO to testify before Congress about cyberattack that could cost firm $1.6B
After UnitedHealth was a no-show at the House hearing last week on the Change Healthcare cyberattack, UnitedHealth Group CEO Andrew Witty is now scheduled to testify before a House panel on May 1.
UnitedHealth Group CEO Andrew Witty is scheduled to testify before a House panel on May 1 about the Change Healthcare cyberattack that could cost as much as $1.6 billion this year.
Cathy McMorris Rodgers, R-Wash., chair of the House Energy and Commerce Committee, and Morgan Griffith, R-Va., chair of the Subcommittee on Oversight and Investigations, announced the appearance in a joint statement while criticizing Witty for failing to appear at another hearing last week.
“Americans are still dealing with the fallout of the Change Healthcare hack,” they said. “Individuals and smaller providers in particular have struggled financially following the cyberattack, threatening critical access for patients. While we’re disappointed that UnitedHealth could not join us for the recent Health Subcommittee hearing on cybersecurity, we look forward to learning more on what happened in the lead-up to and in the weeks following the attack. This hearing will help inform the committee as we continue working toward solutions that protect the health and well-being of all Americans.”
Meanwhile, UnitedHealth said the cyberattack cost the company $872 million in the first quarter alone. Optum, Change’s parent division, reported a loss of $642 million in the quarter through a combination of reduced revenue and the costs of response. UnitedHealthcare, UnitedHealth’s insurance division, reported an additional $230 million in costs.
Change has been focusing on system restoration, with the functionality of its pharmacy claims and payment up to 80%, Roger Connor, CEO of Optum Insight, told investors. A number of other products will come back online in the next few weeks, and the next step is working with payers and providers to reconnect them to the network. Most of Change’s operations have been resumed, but the company doesn’t expect to get back to full “expected service levels” until next year.
Related: Medical providers still struggling to get paid since Change Healthcare cyberattack
The cyberattack also increased medical costs for UnitedHealthcare, because the insurer suspended some care management processes in March following the attack. These included reviewing whether a patient qualifies for inpatient care and some outpatient prior authorizations, UnitedHealthcare CEO Brian Thompson said. The loss of those processes, which were resumed in the past few days, drove up UnitedHealthcare’s medical loss ratio, a marker of how much it’s spending on patient care, to 84.3% from 82.2% the same time last year.
Despite estimating that costs from the Change Healthcare cyberattack could reach $1.6 billion this year, executives suggested that the financial fallout may be less serious than feared.