Joined by 22 attorneys general throughout the United States, New York Attorney General Letitia James urged UnitedHealth Group, Inc., the nation’s largest health insurer, to take immediate action to assist patients, providers, and pharmacies affected by the recent cyberattack on its subsidiary, Change Healthcare. The cyberattack in February 2024 disrupted health care providers’ networks, causing delays in patient access to care, denial of access to prescription drugs, and difficulty scheduling appointments or procedures. Millions of New Yorkers have been impacted by this cyberattack, resulting in financial harm for providers across the country.
“Patients and health care providers nationwide should not have to suffer because of UnitedHealth’s failures,” James said. “Accessing care has become much harder for patients due to the delays and disruptions caused by this cyberattack. UnitedHealth has an obligation to protect its patients and must take action to minimize the harm caused by the attack. I stand with a bipartisan coalition of attorneys general in urging UnitedHealth to address this issue.”
Change Healthcare, acquired by United in 2022, operates the nation’s largest electronic health care payment system, used by tens of thousands of providers, pharmacies, and insurers for essential administrative tasks in health care delivery. The cyberattack by the ALPHV/Blackcat cybercriminal group in February crippled Change Healthcare’s platform, resulting in catastrophic disruptions for providers, pharmacies, and health care facilities nationwide.
In the letter, James and the bipartisan coalition of AGs called upon UnitedHealth Group to take immediate steps to limit harm to health care providers and patients. These steps include, among other things, enhancing financial assistance to affected providers and facilities, ensuring equitable financial assistance distribution, protecting providers’ business information, suspending documentation requirements, providing dedicated support lines, resolving claims backlog promptly, and informing stakeholders of compromised data and mitigation steps.
Joining Attorney General James in the letter are the attorneys general of Arizona, California, Connecticut, Hawai’i, Maine, Massachusetts, Michigan, Minnesota, Mississippi, Nebraska, Nevada, New Hampshire, North Carolina, Oregon, Pennsylvania, Rhode Island, South Dakota, Utah, Vermont, Washington, and the District of Columbia.