Thirty-nine healthcare providers and the National Community Pharmacists Association are suing UnitedHealth Group over the Change Healthcare hack, claiming they have not financially recovered from the cyberattack.
The plaintiffs, comprising small and mid-sized providers across 22 states, assert that Change Healthcare failed to have cybersecurity safeguards in place, including multifactor authentication, that could have prevented the February ransomware attack that left large swaths of the healthcare industry unable to process claims and payments.
"For over four months (and counting), these healthcare practices have received little, if any, reimbursement from insurers for patient visits," according to the complaint filed July 19 in Minnesota federal court. "Without complete reimbursement, small and mid-sized practices cannot afford employee payroll, rent/mortgage, and medical supplies. This data breach has handicapped healthcare providers."
The plaintiffs are asking for an unspecified amount in damages as well as injunctive relief to prevent a similar event from happening in the future. The complaint claims the proposed class action would include more than 100 members and exceed $5 million.
"The most important issue is that those providers who were impacted also seek the support we have been offering from the early days of the cyberattack on Change," a UnitedHealth Group spokesperson told Becker's.
The company has distributed more than $9 billion in no-cost advance payments and loans to providers affected by the incident, UnitedHealth Group CFO John Franklin Rex said in a July 16 earnings call.