Facing Future 2: Walgreens writes down $5.8B for VillageMD in Q2, lowers 2024 earnings on ‘challenging’ retail outlook

Walgreens unsparing in FY 2024 Q2 results, affected by VillageMD closures, weak retail, and inflation. In a financial report released Thursday, remarkably devoid of happy talk, Walgreens Boots Alliance (WBA) presented a ‘picture adjustment’ that wrote down VillageMD’s losses even while locations are being closed. WBA also factored in for full year 2024 the ‘challenging retail environment in the US’ as well as the blurry picture of the US Healthcare division that includes VillageMD, Summit Health/CityMD, Shields Health Solutions (pharmacy), and CareCentrix (home care). 

For WBA in total, the first six months of their fiscal year, through 29 February 2024, reflected a tidy increase in sales: 8.1% from the year-ago period (7.2% in constant currency) to $73.8 billion. Operating loss was $13.2 billion, versus prior year/same period loss of $6 billion.

  • Most of the operating loss was attributable to VillageMD’s exits from Florida, Indiana, Chicago, Boston, Rhode Island, and Las Vegas. The total number of locations will be 140, not the earlier reports of 50 that grew to 85. Both were confirmed by a company spokesperson to Forbes.
  • Financially, the impact is a $12.4 billion non-cash impairment charge related to VillageMD goodwill, resulting in a $5.8 billion charge attributable to WBA, net of tax and non-controlling interest.
  • The six-month net loss: $6.0 billion versus $3.0 billion in prior year/same period, again taking into account non-cash impairment charges.
  • This totals to a loss per share of $6.93 compared to loss per share of $3.50 in prior year/same period.

As noted earlier, this Editor’s math is that Walgreens in the US sank close to $10 billion in VillageMD including their minority then majority interest, plus subsidizing their purchase of Summit Health. This write-off is well over half. The fact that the write-off of closing markets, locations, and goodwill is not being delayed past the fiscal mid-year is aggressive. Contrast this to Teladoc, which waited a full year to write down Livongo.

US Healthcare as a whole for Q2 rose 33.2% in sales, narrowed operating loss to $34 million versus last year’s $159 million, and came up positive in EBITDA with $17 million, a $127 million increase versus the same quarter prior year. For the full year, WBA is projecting a breakeven of plus/minus $50 million.

Retail sales continued to weaken, with a 4.5% decrease for the quarter ending 29 February. Comparable retail sales decreased 4.3% versus same quarter in prior year. Pharmacy sales were higher, driven partially by higher drug costs, with a 8.7% rise.

Rounding out the picture, for the full year, WBA’s earnings per share guidance lowered to $3.20 to $3.35.  WBA earnings release, FierceHealthcare,CNBC    CEO Tim Wentworth will have an interesting next six months to turn this ship around.

Short takes: PocketHealth, Brightside fundings; VA OIG reports hit Oracle Cerner; Change cyberattack/legal updates; UHG-Amedisys reviewed in Oregon; Optum to buy Steward Health practices

It’s a relatively quiet week before the Easter holiday, with a few fundings, more drama at the VA around Oracle Cerner, updating Change Healthcare’s comeback, and the continuing scrutiny around UnitedHealth’s acquisitions:

PocketHealth garners a US$33 million Series B. The Toronto-based company markets an AI-assisted platform to health systems and providers that allows patients to access their medical imaging and reports as well as for providers to easily share imaging information. The funding was an all-equity round by Round13 Capital with participation from Deloitte Ventures, Samsung Next, and existing investors Questa Capital and Radical Ventures to bring total funding since 2020 to $55.5 million. The fresh funding will be used to grow further within the US and Canada and develop new platform functions. Patients have access to three platforms:  Report Reader to explain medical terms in the patient’s report, Follow-Up Navigator for follow-up imaging recommendations, and MyCare Navigator to equip patients with relevant, personalized questions to ask their doctor. The platform is available in 775 hospitals and imaging centers across North America and is used by more than 1.5 million patients.  PocketHealth release, Mobihealthnews

Brightside Health moves to a Series C of $33 million. This round for the telemental health company was led by S32, along with Kennedy Lewis, Time BioVentures, and Anne Wojcicki (Redwood Pacific) with existing investors ACME, Mousse Partners, and Triventures. Total funding since 2018 is $114 million. Brightside provides telemental health through payers in 50 states such as CareOregon, Blue Cross and Blue Shield of Texas, and Centene. The new funding will be used to expand into the usual new markets and offerings. Trip Hofer, who was former CEO of Optum Behavioral Health Solutions and now with .406 Ventures, will join the Brightside board of directors. Their most recent moves are expansion into Medicare and Medicaid programs for psychiatry, therapy, and their Crisis Care program for individuals with elevated suicide risk. Release

The Department of Veterans Affairs Office of Inspector General (OIG) released three reports last Thursday (20-21 March) that were sharply critical of the new Oracle Cerner EHR. While Oracle Cerner Millenium operates in only five VA locations, not including the joint MHS/Genesis Lovell FHCC, each one has been problematic from training to implementation–and are on hold. The OIG reports available here on the Electronic Health Records Modernization (EHRM) are scathing on the EHR’s scheduling and pharmacy features leading to patient safety and staff usability issues.

  • At VA Central Ohio Healthcare System (facility) in Columbus and elsewhere, this led to inaccurate medication and allergy information transmission from new EHR sites to legacy EHR sites that staff and pharmacists had to work around to provide adequate safety checks.
  • Also at VA Central Ohio, the Cerner EHR system error in 2022 led to a patient’s missed appointment since it was not routed to a queue to prompt rescheduling efforts. Subsequently, a nurse practitioner never evaluated the medication refill request, nor did a psychologist evaluate mental status and critical clinical information. The veteran patient died by accidental overdose approximately seven weeks after that missed appointment.
  • Regarding future implementations, the OIG was specific on what had to be fixed on both: “These concerns include the need for additional staffing and overtime to meet or exceed pre-deployment appointment levels, displaced appointment queue functionality, challenges related to providers and schedulers sharing information, inaccurate patient information, difficulties changing appointment type, and the inability to automatically mail appointment reminder letters. At facilities currently relying on the EHR, these issues have resulted in inconsistent workarounds and additional work, increasing the risk for scheduling errors.” 

Healthcare IT News, Healthcare Dive, EHR Intelligence, TTA 22 Feb

Change Healthcare’s systems are gradually returning. Since our last update on 14 March, UnitedHealth Group confirmed that 99% of pharmacy network services were up and running–and that they have fronted $2 billion to providers. Separately, they launched workaround software for medical claims preparation.

  • On 15 March, the electronic payments platform was restored.
  • On 20 March, UHG restored Amazon Web Services. It was backed up from Assurance, a claims and remittance management program, and claims clearinghouse Relay Exchange.
  • Relay Exchange went back online by 24 March to begin processing $14 billion in medical claims.

But on the legal and Federal fronts, UHG will be keeping its legal department busy. Starting the week of 11 March, the first class action lawsuit was filed by a women’s health practice in Albany, MS–Advanced Obstetrics & Gynecology PC. Another class action suit was filed on 18 March by Gibbs Law Group on behalf of providers to be named. Patients who have had compromised PII and PHI will be next from the 4 or 6 terabytes of payer information held by ‘notchy’ and other affiliates from the BlackCat/ALPHV masterminded attack as this is confirmed. Expect these to multiply like weeds in May. HIPAA Journal  And the American Hospital Association, Senators and House Representatives are jumping all over Health and Human Services (HHS) to ensure that payments are made to Medicare, Medicaid, and Medicare Advantage plans–as well as calls for investigating UnitedHealth. Becker’s, FierceHealthcare

As expected, UHG’s acquisition of Amedisys home health is running into more opposition at the state level. In this case, it’s the Oregon Health Authority (OHA) that will be conducting a full review. The Department of Justice (DOJ) has been investigating the acquisition on antitrust grounds almost since it was announced in June 2023. Shareholders approved the $3.3 billion buy the following September, but it has not closed. UHG’s plan is to merge it into Optum’s home health providers Contessa Health and LHG Group, creating a home health juggernaut. As noted earlier this month when DOJ announced a further antitrust probe of UHG around the UnitedHealth plan relationships with Optum services, “DOJ has a long memory, a Paul Bunyan-sized ax to grind, and doesn’t like losing. One wonders if now UHG has buyer’s remorse after fighting for two years to buy Change.” (And winning versus DOJ!) Fierce Healthcare

Yet UHG goes on buying providers, DOJ scrutiny or not. Optum is bidding for Steward Health Care’s Stewardship Health practices over nine states. For-profit Steward, headquartered in Dallas, needs to raise funds as it is in debt overall and facing major problems in Massachusetts, with several hospitals at risk of closure. In any case, the company wants to exit the state. A purchase price was not announced. The transaction is under review by Massachusetts’ Health Policy Commission (HPC) over the next 30 days. The Stewardship transaction would add to OptumCare’s total of 90,000 physicians–10% of US physicians, a number that is raising red flags on the state and Federal levels. FierceHealthcare, WBUR

Can digital health RPM achieve meaningful change with type 2 diabetics? New metastudy expresses doubt.

A metastudy from the Peterson Health Technology Institute (PHTI) has reservations about the efficacy of digital diabetes management tools. Over $50 billion has been invested in the sector between development, investments, mergers, and acquisitions. Generally, the claim around digital management tools for diabetes to aid self-management and prevent poor outcomes, particularly for those at high risk, has been that they can 1) deliver meaningful and lasting clinical benefits in reduction of HbA1c (glycemic control) and 2) reduce long-term costs of poor control, benefiting patients. In the US, diabetes affects 11% of the population and is an expensive chronic condition. It also disproportionately affects people of color and those with lower income, especially as they age.

The systematic literature review of 1,100-plus studies was augmented by interviews with physicians, patients, digital health experts, along with companies. They included 120 clinical references from DarioHealth, Omada, and Virta. The PHTI grouped digital tools into three types of solutions for Type 2 diabetes in adults. All used standard glucometers, not continuous glucose monitors/CGM as well as apps to provide real time feedback to a virtual or actual coach or care team:

  1. Remote patient monitoring (glucometer plus feedback): Glooko
  2. Behavior/Lifestyle modification (glycemic feedback plus coaching features): DarioHealth, Omada Health, Perry Health, Teladoc (Livongo), Verily (Onduo), and Vida
  3. Nutritional ketosis (dietary guidance that restricts carbohydrates and monitors the patient’s glycemic and ketone levels): Virta Health

The findings did not meet their expectations in demonstrating “clear, substantial, and durable progress toward glycemic control in people with type 2 diabetes, resulting in a lower prevalence of uncontrolled type 2 diabetes across the population.”

  • They did not deliver clinically meaningful benefits compared to ‘usual care’. Only three out of 10 comparative HbA1C studies achieved a meaningful difference of 0.5 percentage points (Minimal Clinically Important Difference or MCID) in patients. Their range was 0.23 to 0.60 percentage points compared to usual care.  The nutritional ketosis program had greater benefits as long as patients maintained the rigorous requirements of the therapeutic regimen.
  • The average price impact of the solution exceeds the savings achieved from the clinical benefits. The PHTI analysis looked at commercial insurance, Medicare, and Medicaid over three years. Provider reimbursement and pricing exceed cost savings from avoided care.

So where is the worth? The PHTI study recommended that:

  • Payers use these solutions for the highest risk and diverse/underserved populations
  • Regularly analyzing outcomes and tie contracts to clinical performance
  • Focus on patients with higher starting HbA1c newly starting insulin
  • Payers could also recommend nutritional ketosis as the Virta program had greater benefits.
  • Solutions could also evolve to include GLP-1 drugs, CGMs, and nutritional ketosis.

PHTI study (free download of full report, four sections, and appendices). PHTI press release.

PHTI is also offering a free webinar on Thursday 28 March at 2pm US Eastern Time on assessing digital diabetes management tools–registration here.

2023 US data breaches topped 171M records, up 187% versus 2022: Protenus Breach Barometer

2023’s US healthcare data breaches hit an all time high, both in reported breaches and number of records affected. Protenus, which publishes an annual Breach Barometer, uses multiple data sources including Health and Human Services’ public breach tool. The numbers are shocking for both:

  • HHS 2023 reported 725 reports and about 135 million records
  • Protenus‘ numbers are significantly higher: 1,161 reports and 171,139,241 breached records. In 2022, the totals were respectively 1,138 reports affecting a total of 59,664,152 breached records. Breached records were up 187% in 2023.

The variance in reporting is due to factors including not knowing the true scope of the breach in reporting to HHS, state reports being incomplete, and business associate reports covering all or only some of their clients.

Also included in their report is a discussion on how HHS through the Office of Civil Rights (OCR) response to breaches contained in HHS’s 2022 annual report released last month. In investigating, they seem to prefer voluntary resolutions and corrective actions. Only three  resolution agreements with monetary penalties and corrective action plans were imposed.

The Protenus Breach Barometer report is available for free download here. DataBreaches.net collaborated with Protenus in the report.

Why is the US DOJ filing an antitrust lawsuit against Apple–on monopolizing the smartphone market?

The Department of Justice’s antitrust filing against Apple on the iPhone is a many-splendored thing–and will take many years to work through the courts. It was filed Thursday 21 March in the US District Court for the District of New Jersey, alleging monopolization or attempted monopolization of smartphone markets in violation of Section 2 of the Sherman Act. New Jersey’s US District Courts are in beautiful Newark, Camden, and Trenton. The DOJ was joined by 16 states in the lawsuit including NJ. Apple has promised to fight it tooth and nail, correctly realizing this goes to the core of its business. “This lawsuit threatens who we are and the principles that set Apple products apart in fiercely competitive markets” and “We believe this lawsuit is wrong on the facts and the law, and we will vigorously defend against it.”

On the face of this, the DOJ antitrust lawsuit seems almost ludicrous. While iPhones have a 60% market share in the US (Backlinko), there’s plenty of Android phones from Samsung and others (sadly, no longer LG) at competitive prices from every carrier. This Editor never looked twice at an iPhone for personal use and wasn’t impressed by a short-lived company phone, a totally locked-down iPhone 6. (On the other hand, my second computer at work where I really self-learned computing was an easy-to-use Mac 2si, a long time ago.) There are about 140 million iPhone owners in the US. Obviously, Apple makes a product and ecosystem, including the Apple Watch, that people, especially US upper-income users, prefer. There are features that Androids have and iPhones have, and sometimes the twains don’t meet, but for most of us it doesn’t matter.

But does Apple act in an anticompetitive, monopolistic way?

The DOJ says yes. The complaint states that Apple uses its control over the iPhone to engage in a broad, sustained, and illegal course of conduct, using its monopoly power to extract as much revenue as possible. The specifics include some centering on the Apple Watch:

  • Apple has exclusive software features–apps–that Android manufacturers don’t have or don’t work as well, for instance Apple Pay, iMessage, Find My Phone, FaceTime, and AirTags.
  • Apple Pay blocks other financial institutions from instituting their own cross-platform payment systems.
  • Apple’s control over app developers in their ‘walled garden’, locking them in especially in the cloud gaming area, but generally imposing contractual restrictions on and withholding critical access from developers in the name of security and privacy. Reportedly there are 30% commissions on app sales. Blocking ‘super apps’ restricts not only developers but also users from switching to Android since they will lose use of the app.
  • Apple’s messaging systems are only partly interoperable with Android and have unique features not available on Android
  • App Store commissions and rules are prohibitive for many developers
  • Locking in consumers with features not available on Android
  • Lack of interoperability of the Apple Watch with Android phones, and other manufacturers’ watches with iPhones 

What is interesting is that in the Apple Watch charges, there’s nothing about how Apple has essentially stolen features from other developers such as AliveCor and Masimo as found in other Federal courts. That IP theft is outside of antitrust and being litigated in other courts.

Much of the heated commentary has to do with the Apple Brand Promise and how they deliver apps. Apple is an integrator and people like the ‘walled garden’. The phone ‘just works’. Quoting Alex Tabarrok in Marginal Revolution, Apple is a gatekeeper that promises its users greater security, privacy, usability, and reliability. Users trade off control for a seamless experience and it delivers. It’s desirable. However, many of us don’t need or want to give over all that much control and desire flexibility in a more open platform. Not all of us need or want ‘seamless’ features like Apple Pay and live very well without that or games. 

What will keep DOJ and Apple entertaining each other in court for the next few years are court decisions over the years that have favored Apple:

  • Monopoly has been defined in repeated decisions as market share in the 70-80% range, not 60%
  • The concept of ‘procompetitive’ means that if you can choose between open access and the Apple ‘walled garden’, Apple has a legitimate competitive feature.
  • Companies don’t have a ‘duty to deal’ with other companies
  • Apple as a monopoly has already been dismissed in other cases

The push towards the DOJ action has apparently been stimulated by the EU Digital Markets Act, which Apple will comply with, as well as Apple competitors in the US who have tried and failed to restrict Apple in integrating its services. Will DOJ succeed in forcing Apple to be more like Android? The debate will rage on. DOJ release, 88 page filing, The Verge, 9to5 Mac, Medium.com, AP, Epoch Times

Mid-week roundup: UK startup Anima gains $12M, Hippocratic AI $53M, Assort Health $3.5M; Abridge partners with NVIDIA; VillageMD sells 11 Rhode Island clinics; $60 for that medical record on the dark web

It may be a little chilly out, but it feels like Springtime For Early Round Funding and Big Partnerships.

Anima, a London-based startup fresh out of Y Combinator, now has a $12 million Series A raise. It was led by Molten Ventures, with participation from existing investors Hummingbird Ventures, Amino Collective and Y Combinator. Its platform combines online consultation with productivity tools for integrated care enablement in one dashboard for primary care. Their founders position it as a single source for patient truth across care settings, avoiding missed diagnoses. As of today, Anima is deployed in over 200 NHS clinics in England caring for a combined 2 million patients and a monthly request volume of over 400,000 requests. They also claim to halve the time the time practices spend on coding, processing, and filing documents and resolve 85% of patient inquiries within a day. Shun Pang, co-founder and CEO of Anima, who trained as a doctor at Cambridge University, told TechCrunch. “The entire clinic collaborates in a real-time multiplayer dashboard, like Figma, and can ping cases to each other, and chat with a Slack-like UX.” he said. He also added that Anima’s processing system can “autonomously ingest any document, like handwritten, diagrams, imaging, and output a summary, with structured fields.” Anima has not entered the US market yet. Anima blog/release, Tech.EU

Hippocratic AI raised a jumbo $53 million Series A for what they term the first safety-focused Large Language Model (LLM) for healthcare. AI of course is the hottest funding area in healthcare. With two previous rounds raised in mid-2023, their total funding is $118 million (Crunchbase), creating a valuation estimated at $500 million. Investors were co-led by Premji Invest and General Catalyst with participation from SV Angel and Memorial Hermann Health System as well as existing investors Andreessen Horowitz (a16z) Bio + Health, Cincinnati Children’s, WellSpan Health, and Universal Health Services (UHS). Their product is a novel staffing marketplace where health systems, payors, and others can “hire” auto-pilot generative AI-powered agents to conduct low-risk, non-diagnostic, patient-facing services to help solve the massive healthcare staffing crisis. This is now being released for phase three safety testing with 5,000 licensed nurses, 500 licensed physicians, and the company’s health system partners. Release

San Francisco-based startup Assort Health now has a seed round of $3.5 million to advance its generative AI approach to healthcare call centers. Its goal is to eliminate front desk stress and call center/service holds. Their system in development uses AI and NLP (natural language processing) to understand a caller’s intent, then to integrates with the medical providers’ EHR, including Epic, to resolve patient inquiries without human intervention. Funding was led by Quiet Capital (!) joined by Four Acres, Tau Ventures, and a number of angel investors from tech companies. Release

Another generative AI company with a substantial Series C under its belt, Abridge, is partnering with super-hot NVIDIA.  The partnership also comes with undisclosed funding from NVIDIA’s VC arm, NVentures, to add to last month’s $150 million raise. Abridge is developing conversational AI technology using LLM and speech recognition to ease the burden of taking notes during the doctor’s appointment, with fluency in 14 languages across 55 medical specialties. Abridge’s technology is designed to capture clinician-patient conversations and structure the scribing. NVIDIA’s partnership will give Abridge access to NVIDIA’s computing resources, foundation models, and expertise in efficiently deploying AI systems at scale. Release

Another episode in the continuing Walgreens Restructuring Saga has VillageMD selling 11 practices to Arches Medical Partners. The practices are located in the Providence metro area of Rhode Island and consist of three urgent cares and eight offices with a total of 50 physicians and 75,000 patients. It is unusual because it is the first time that VillageMD sold their practices instead of closing the offices, which they are doing with 85 to 90 offices. Transaction cost was not disclosed but closed on 2 March. Arches is based in Cambridge, Massachusetts. They acquired these practices but also deploy software from its wholly-owned technology subsidiary, New Era Medical Operations (NEMO), to enable IPAs to negotiate and manage global risk contracts. Arches release, Becker’s, Crain’s Chicago Business

Wondering why ransomwareistes, their affiliates, and hackers in general are attracted to healthcare? It’s the value of a medical record. Going rates on the ‘dark web’ are now topping $60, according to CNBC’s source, a cybersecurity researcher Jeremiah Fowler. By comparison, Social Security number are a bargain $15 and a credit card number but $3. It’s also easier to hack than ever due to affiliate relationships termed ransomware-as-a-service or RaaS. The ransomware is supplied, the affiliate hackers do the work, and they share in the rewards–most of the time (see ‘notchy’ being scammed by BlackCat/ALPHV on the Change Healthcare cyberattack TTA 5 Mar). But this doubles or triples the potential for company extortion, with multiple ‘actors’ attacking a company, extorting a ransom, and then keeping healthcare data and selling it through their channels.

The article concludes that healthcare execs need to get very, very serious about protecting their data. Yet this year has marked healthcare downsizing IT departments in order to save money. This is as security software has proliferated–but has to be purchased and managed. Another distressing fact: this Editor only last week attended a major NYC conference on cybersecurity. Healthcare was mentioned only in passing as a market. Worse, till this Editor questioned a speaker from the floor, was the massive Change Healthcare attack even mentioned–and unfortunately she knew more about it than the speaker!

Walgreens’ latest cuts affect 646 at Florida, Connecticut distribution centers

Walgreens closes two distribution centers to ‘streamline capacities to best support our stores’. Two large centers serving Walgreens retail stores, in Orlando, Florida and Dayville (Killingly), Connecticut, are closing permanently in May, with workers discharged on or before 17 May. Affected are 324 workers in Orlando and 322 workers in Dayville who according to Walgreens will receive severance, additional separation pay, on-site career fairs, and/or outplacement services. While workers in Orlando have a better employment situation locally with unemployment at 3%, Dayville, in northeastern Connecticut’s rural Windham County near the Rhode Island border, is up to 5%. WARN notices were filed in both states about 14 March. Crain’s Chicago Business, Becker’s 

Press accounts do not mention corresponding closures of Florida or New England Walgreens stores. The puzzle is that Florida, particularly central Florida, is a growing market with a permanent population as well as seasonal/tourism. Yet all 52 Village Medical co-located offices have closed in that state [TTA 22 Feb]. Reasons why range from too small co-locations unable to support full practices to lack of doctors and medical saturation.

Walgreens, after several quarters of losses, is cutting to the bone expenses, with layoffs, consolidations, and closures everywhere from their Illinois headquarters to VillageMD. Despite the $1 billion in cuts for 2024 announced last October, Mr. Market is not responding–Walgreens’ stock price continues its downward trend and has lost 15% sharply since January. The new CEO Tim Wentworth has already positioned Walgreens’ recovery as ‘not a 12-month turnaround story’. Walgreens, over the past three years, drilled a lot of holes. Some worked out well, such as Shields, but the $10 billion investment in VillageMD may be a dry hole.  In the strategic review he announced earlier this month, Boots may be on the block, not Shields, but there will be more and deeper cuts to come–if WBA’s closely held ownership agrees. Based on the distribution center closures, expect more closures of retail locations served by those centers to be announced. 

Weekend roundup: NHS Dumfries (Scotland) cyberattacked; delisted Veradigm’s strong financials; One Medical NY patients’ coverage clash; Suki voice AI integrates with Amwell; Legrand and Possum extended; Zephyr AI’s $111M Series A

NHS Scotland’s Dumfries and Galloway region reported on Friday 15 March a “focused and ongoing” cyberattack affecting their 148,500 patients. Information is light at this point, but the region has reported system incursions that may involve the acquisition of patient data. “We have reason to believe that this could include patient-identifiable and staff-identifiable data.” Police Scotland, the Scottish Government, the National Cyber Security Centre, and the NHS have all been notified along with law enforcement. This story is developing. NHS D&G cyberattack page, BBC News, The Record, Cybercrime Magazine Top News 15 Mar

Delisting from Nasdaq hasn’t hurt Veradigm’s results in the slightest. As TTA and others noted in late February, Veradigm management telegraphed their strong financial state while announcing the acquisition of ScienceIO, an AI data company. These are all unaudited revenue numbers:

  • For 2023, revenue between $608 million and $622 million, net income from continuing operations is estimated between $49 million and $58 million.
  • For 2024, their estimate is for revenue growth ranging from $620 million to $635 million, with adjusted EBITDA of between $104 million and $113 million, with net cash of $140 million subsequent to the ScienceIO acquisition.

Veradigm’s repositioning post-ScienceIO will be around healthcare intelligence with scaled and proprietary LLM products supporting physicians & providers, payers, and life science research enterprises. Release

Now about those 2022 and 2023 financial reports that went sideways due to their financial software. Lee Westerfield, their interim chief financial officer, stated at the Barclays 26th Annual Global Healthcare Conference that the audit process is not only “prolonged” but also not fully in the company’s hands but with auditors. While they won’t say it out loud, it seems that Veradigm hasn’t let the Nasdaq delisting cramp their style, nor making money, at all.  Crain’s Chicago Business

New York-area One Medical patients caught in the UnitedHealthcare-Mount Sinai clash. Mount Sinai, one of the leading hospital systems of the New York metro, is in a dispute with UnitedHealth on their upcoming insurance contract.  Mount Sinai requested higher payments for hospital stays and physician visits, not unexpected given the duration of most of these contracts span several years and inflation has bitten hard over the past two years, but UHG rejected this. The lack of a contract as of Thursday 14 March means that as of 22 March, patients of Amazon-owned One Medical practices in the New York area with UnitedHealthcare and Oxford insurances (Oxford is an insurance brand of UHG) will not be in-network if receiving services through Mount Sinai’s hospital network. One Medical is part of Mount Sinai’s clinically integrated network (CIN) but apparently this has no impact. This Editor is betting that Amazon did not figure on provider/payer disputes of this type–it may be the first of many affecting One Medical with hospital networks. Becker’s

Some good news from Amwell around their new partner, Suki AI. The Suki voice-enabled AI powered digital assistant will be integrated into Amwell’s platform Converge. The voice assistant will not require a separate app as fully integrated into Converge and into Amwell providers’ existing workflows. Suki Assistant leverages natural language processing to help clinicians complete notes 72% faster on average, according to Suki, and also supports coding and dictation. A date was not specified for implementation. Suki has partnered with with multiple EHR systems, including most recently Meditech. The Amwell platform is used by providers at more than 55 health plans covering 90 million lives, plus 2,000 hospitals and health systems. Suki release, Healthcare IT News

In more partner news in the UK, Legrand and Possum have extended their now 14-year reseller agreement. Possum continues as the exclusive reseller for the NOVO range of Legrand telecare products in the UK and Ireland. Read more about it on TSA Voice and UKTelehealthcare. While you’re there, our UK Readers can also seek our supporter UKTH’s continued training events and resources on the 2025 Digital Switchover. Legrand is a long-time advertising supporter of TTA.

Zephyr AI raises $111 million in Series A financing. Revolution Growth, Eli Lilly & Company, Jeff Skoll, and EPIQ Capital Group financed a bountiful Series A scarcely seen since 2022. As you’d expect, Zephyr has this year’s flavor, having integrated AI into precision medicine for oncology and cardiometabolic disease. Zephyr’s earlier seed round of $18.5 million was raised in March 2022 (Crunchbase). From the release: “The new funds will enable Zephyr AI to further enhance its analytical speed and fortify its extensive collection of training and validation data sets. Moreover, the funds will support the expansion of the company’s scientific and commercial teams to expedite the delivery of its rapidly growing pipeline of insights to the market.”

News roundup: Cerner goes live at VA, DOD Lovell Center; WebMD expands education with Healthwise buy; Dexcom has FDA OK for OTC glucose sensor; Centene may have buyer for abandoned Charlotte HQ

In news other than Walgreens and Optum/Change Healthcare–with more to come out of HIMSS in Orlando this week…

The DOD/VA Cerner EHR went live on Saturday 9 March in the Capt. James A. Lovell Federal Health Care Center (Lovell FHCC), right on scheduled time. This EHR which will serve both active duty service members in the Military Health System (MHS) and veterans through the VA is being watched closely. While MHS Genesis has been rolled out in most military health facilities in the US and overseas, the VA’s has stalled at five. As of now, Lovell is the only VA implementation planned for this year and its functionality and interoperability with MHS is under a microscope. Training has been intensive and VA reports having made many changes from the earlier implementations. The MHS Genesis team from DOD have also been a key part of the training.

VA has shown improvement with no full outages in 300+ days and with the nagging smaller incidents greatly reduced. But the VA’s deputy inspector general reported significant and dangerous faults in the Oracle Cerner Millenium medication record system only last month to the House Subcommittee on VA Technology Modernization [TTA 22 Feb]. While the fixes are in effect in the five VA locations with Millenium, Genesis at Lovell will not have them yet.

Lovell FHCC is located in north Chicago, has a combined DOD/VA staff of 3,200, and serves 75,000 patients per year: 25,000 veterans, over 10,000 TRICARE enrollees, and 30,000 Navy recruits from Great Lakes with a 300-bed main facility and clinics in the Chicago area. Federal News Network

WebMD buys health education developer Healthwise. The company’s patient education assets including content and technology that integrate into care management platforms for both health systems and payers will become part of WebMD Ignite, which was formed last April to unite Krames, also in health education, Mercury Health data analytics, Wellness Network videos, Vitals provider scheduling, in addition to Medscape and WebMD. According to the release, the combination of Krames and Healthwise will reach 650 healthcare organizations, comprising more than 50% of hospitals in the U.S. and 85% of the top 20 payers, which is a dominant market share with limited other competition such as Wellframe, owned by HealthEdge. Transaction cost, surviving name, and management/staff transitions were not disclosed.

Healthwise is unusual in that it was formed as a non-profit in Boise, Idaho in 1975. In the 2024 Best in KLAS Report, Healthwise was ranked first in health education for value-based care. While the education assets are being sold to WebMD, the non-profit will go on, according to Healthwise. Healthcare IT News (Editor’s disclaimer: Donna was a consultant for Krames on marketing projects during 2021-22, prior to Ignite.)

WebMD is also integrating into Ignite personalized medication instructions from First Databank (FDB)’s Meducation through WebMD Ignite’s Krames On FHIR platform. It will then go into prescribers’ EHRs and patient portals. FDB release

Dexcom receives FDA clearance for Stelo, the first over-the-counter (OTC) continuous glucose monitor cleared in the US. Like the prescription version, the biosensor attaches to the arm to monitor blood glucose without skin penetration and connects to a Dexcom phone app. The sensor is the same as the prescription Dexcom G7, with a battery life of about 15 days. Stelo was cleared for use by adults 18+ who have Type 2 diabetes but not on insulin therapy–over 25 million people in the US. Release is scheduled for online-only release this summer as a cash-pay purchase (cost not disclosed), with insurance reimbursement TBD over the next few years. Mobihealthnews, Healthcare Dive

Centene may be close to selling its ‘dream’ Charlotte, North Carolina headquarters building. The now near-complete 800,000-square-foot building in Charlotte’s University City would have been Centene’s East Coast HQ. It was planned by the previous CEO in 2020 to be the center of a campus with over 6,000 employees, 3,200 to be hired locally. The plan was abandoned in August 2022 due to a shrinking office-based workforce primarily in St. Louis with some in plan locations throughout the country. Cushman & Wakefield is marketing the building with word being that a single company is interested in purchase. New Class A space is reportedly relatively rare in Charlotte, though the vacancy rate in the immediate area is at 25%. There is also undeveloped land on the site that has attracted interest from a locally active multifamily developer, although that would require a rezoning. Centene purchased the land in 2020 for $19 million, not including a separate 51-acre parcel purchased later in 2020. In addition to reducing its real estate pattern, Centene has also been reducing its staff with two 2,000-person layoffs in 2023, one in the summer and the second in December.  Charlotte Business Journal, Becker’s

Updates on Change cyberattack: UHG’s timeline for system restorations, key updates around claims and payments in next weeks (updated)

As of 8 March-updated 14 March

UnitedHealth Group released a timeline on restoring Change Healthcare systems.

Prescribing is currently back online, with payments not up until next Friday and the claims network starting testing and brought up through the week of 18 March. Highlights below are from the release. Details in 7 March press release.

  • Electronic prescribing is now fully functional with claim submission and payment transmission available as of 7 March. At the end of the release, there is additional information applicable to pharmacy claims and payments, as well as Optum Rx PBM.
    • Update: UHG announced on 13 March that the pharmacy network and payment systems were operational and 99% of pre-incident claim volume is restored. There are some pharmacies remaining offline. Reuters
  • Electronic payment functionality will be available for connection beginning 15 March (next Friday)
  • Testing and reestablishing connectivity to the claims network and software on Monday 18 March restoring service through that week.

Bottom line: the two critical functions of payments and claims will not be fully restored for a month (the cyberattack began on 21 February. Testing of the claims network is not full functionality. Reading between the lines, don’t bet on the week of 18 March for a complete restoration.

Editor’s note: Claims drive payments. There is a massive backlog. Providers could be out of pocket for months or working through reconciliations with UHG, if they participate in temporary funding.

Buried in the release: “we strongly recommend our provider and payer clients use the applicable workarounds we have established—in particular, using our new iEDI claim submission system in the interest of system redundancy given the current environment.”

The rest of the release recaps UHG’s temporary funding proposal, which the American Hospital Association had previously criticized as having ‘shockingly onerous’ terms that were “not even a band-aid on the payment problems” [TTA 5 March]. It has been improved with UHG advancing payments weekly and removing fees and interest. Repayment also seems sensible if the reconciliations are done correctly; “providers will receive an invoice once standard payment operations resume and will have 30 days to return the funds.” Registration is of course required.

UHG is also urging other payers to follow their lead in addressing payments with their providers.

At this point, you can’t expect UHG to disclose why Change Healthcare’s hundreds of systems were so vulnerable–nor whether they paid ransom to BlackCat, as reported. This Editor also wonders how much information on claims and payments, going back before 21 February, was lost. 

Other funding updates:

UHG will suspend until 31 March:

  • Prior authorizations for most outpatient services except for Durable Medical Equipment, cosmetic procedures, and Part B step therapies. This applies to Medicare Advantage (MA), including Dual Special Needs Plans (D-SNP).
  • Drug formulary exception review processes for Medicare Part D pharmacy benefits

UHG will work with state Medicaid agencies on actions they wish to implement.

Becker’s, Healthcare Dive

Is BlackCat/ALPHV faking its own ‘death’? (updated) HHS and CMS come to Change affected providers’ assistance with ‘flexibilities’

BlackCat/ALPHV blames the FBI for another ‘shutdown’ and exits, stage left. BlackCat put up a copy of the shutdown screen (left) that appeared on their old leak website back in December [TTA 22 Dec 23] on their new leak website, claiming that law enforcement shut them down. This was not confirmed by the FBI either way, but Europol and the NCA confirmed to Bleeping Computer that they had no recent activity involving BlackCat. The other tell was that the source code on both screens was different–it was served up on another server.

On a Russian hacker forum called Ramp, BlackCat/ALPHV claimed that they “decided to completely close the project” and “we can officially declare that the feds screwed us over. The source code will be sold, the deal is already being negotiated”. The source code is reportedly up for sale for $5 million.

As to the $22 million, BlackCat/ALPHV never admitted it was paid by Optum/Change (nor is Optum confirming), but the affiliate called “notchy” which didn’t get paid [TTA 5 Mar] shared (to Bleeping Computer) that “a cryptocurrency payment address that recorded only one incoming transfer of 350 bitcoins (about $23 million) from a wallet that appears to have been used specifically for this transaction on March 2nd.” That wallet distributed (seven) equal payments of $3.3 million in bitcoin to other wallets.

(Update) Speaking of “notchy”, let’s not forget that this affiliate claims to have 4 TB of PHI/PII data from Change that could be sold or leaked. Since they never got paid by BlackCat/ALPHV, it’s safe to assume that information will be up, so to speak, for grabs.

When it all adds up–the fake FBI ‘raid’, shutting down servers, the signoff on Tox of “GG’ (good game?), the cutting off of affiliates (which also confirmed this to DataBreaches.net–and may or may not have been paid)–it resembles an exit scam.

(Update) Another excellent summary about ALPHV in Krebs On Security also updates LockBit, which was seized in an international takedown in February, and about governmental entities they ransomwared.  To be continued….

The lobbying of HHS by Congress, the American Hospital Association, and UHG to help out providers has produced some results. On 5 March, Health and Human Services (HHS) issued a statement that summarized various ‘flexibilities’ and workarounds to aid providers who cannot access systems or have to resort to alternatives to ensure continuity of services to patients. These will be administered through the Center for Medicare & Medicaid Services (CMS) and range from prior authorization, advance funding, and claims processing for Medicare. From the statement:

  • Medicare providers needing to change clearinghouses that they use for claims processing during these outages should contact their Medicare Administrative Contractor (MAC) to request a new electronic data interchange (EDI) enrollment for the switch.
  • CMS will issue guidance to Medicare Advantage (MA) organizations and Part D sponsors encouraging them to remove or relax prior authorization, other utilization management, and timely filing requirements during these system outages.
  • CMS is also encouraging MA plans to offer advance funding to providers most affected by this cyberattack.
  • CMS strongly encourages Medicaid and CHIP managed care plans to adopt the same strategies
  • If Medicare providers are having trouble filing claims or other necessary notices or other submissions, they should contact their MAC for details on exceptions, waivers, or extensions, or contact CMS regarding quality reporting programs. CMS has contacted all of the MACs to make sure they are prepared to accept paper claims from providers who need to file them.

Many payers are also making funds available while systems are offline. Hospitals may also face “significant cash flow problems from the unusual circumstances impacting hospitals’ operations, and – during outages arising from this event – facilities may submit accelerated payment requests to their respective servicing MACs for individual consideration.”

The statement closes with a reminder of HHS’ December concept paper on cybersecurity strategy for healthcare. DataBreaches.net (full statement), Becker’s

(Update) More on how this is affecting patient care focusing on cancer treatment, from the point of view of a Community Oncology Alliance spokesman. In addition, how consolidation is making healthcare more vulnerable to cybercriminals, and comments on UHG and Federal processes and payment offers to date. HealthcareITNews.

And DDoS attacks and questionable downtimes are now common.

Editor’s Update 11 Mar: The DataBreaches.net website had a major DDoS attack on 7 March and was down for two days thru 8 March. It is now fully up and running with our links working.

Multiple US Government websites went down Thursday evening 7 March based on news reports: Department of Homeland Security (DHS), Customs and Border Protection (CBP), Immigration & Customs Enforcement (ICE), Citizenship and Immigration Services (USCIS), US Secret Service and Federal Emergency Management Agency (FEMA). The timing based on the State of the Union address to Congress is, well, interesting. Daily Express   Later reports announced restoration later in evening. Cyberincidents are not exactly unknown on government websites.

Update: VillageMD lays off 49 in first two of six Village Medical closures in Illinois

VillageMD starts releasing staff in soon-to-shut Illinois clinics. Layoffs have already started in the Illinois clinics owned and operated by Walgreens-owned VillageMD. As reported in Crain’s Chicago Business, two of their six Village Medical clinics have given notice to doctors, practice managers, medical assistants, registered nurses, and ultrasound and radiology technicians. This eliminated 24 positions at the Lincoln Park (Chicago) office and 25 positions at their Wheeling clinic, both free-standing independent locations. The layoffs took place between 20 February and 5 March. It is not clear from the article or the WARN Notice filed 20 February with the state Department of Commerce whether the layoffs take effect by or on 19 April or if the clinics are being run by a skeleton staff before closure. 

A website check of Village Medical locations in Illinois has banners on each location’s page confirming that they will close on 19 April. Illinois WARN notices have not been posted yet for the four other locations.The only co-located Walgreens-Village Medical location is in Elk Grove, so the five free-standing locations may not have been part of the 2021-22 expansion or had been acquired in separate transactions.

VillageMD is headquartered in Chicago with an original footprint mainly in the Midwest to Texas, expanding to the East (plus specialty and urgent care) when it acquired Summit Health/CityMD in January 2023 for $8.9 billion

A VillageMD spokesperson told Crain’s that laid-off full-time employees will receive an ‘exit package’ which indicates that part-time employees may receive little to no assistance. “Support for patients” is limited to urging them to contact their insurance company for help in locating a new physician and office, then assisting in transferring their records. The spokesperson did not disclose if current patients are in the process of being notified nor how.

Based upon these initial layoff numbers, Village Medical’s layoffs in Illinois will be upwards of 150 at minimum. Their spokesperson declined to reveal the full number of layoffs in Illinois. If 25 per location is extrapolated to 85 locations across Village Medical, layoffs will be ~ 2,125.

VillageMD has been remarkably silent to the press about the closures and reorganization. It has not issued a press release since last October. Additional background TTA 29 Feb.

Reality Bites Again: UHG being probed by DOJ on antitrust, One Medical layoffs “not related” to Amazon, the psychological effects of cyberattacks

When It Rains, It Really Pours for UnitedHealth Group. On the heels of their Optum/Change Healthcare ransomware disaster are recent reports that the US Department of Justice is investigating UHG over multiple antitrust concerns. According to the Wall Street Journal, DOJ is examining certain relationships between the company’s UnitedHealthcare insurance unit and its Optum services unit, specifically around Optum’s ownership of physician groups. UHG has been aggressively buying and buying interests in practice groups for several years, announcing quite publicly that their goal was to own or control 5% of US physicians. In 2022 and 2023, they bought CareMount, Kelsey-Seybold, Atrius Health, Healthcare Associates of Texas, and Crystal Run Healthcare (Becker’s). Local reporting by the Examiner News in Westchester, NY, brought much of this history to light. In that area, it started with local practice group CareMount and their 25% layoff after being folded into Optum Tri-State with ProHealth in Long Island and NYC and Riverside Health–a layoff pattern that accelerated in the practice groups in 2023.

DOJ lost out on their challenge to the Change Healthcare acquisition in November 2022, deciding not to appeal the Federal District Court decision in 2023 [TTA 23 Mar 2023]. But DOJ never sleeps; they are examining with a microscope UHG’s $3.3 billion bid for home health provider Amedisys that started in August 2023 and has not moved forward. DOJ has a long memory, a Paul Bunyan-sized ax to grind, and doesn’t like losing. One wonders if now UHG has buyer’s remorse after fighting for two years to buy Change.

In the Alternate Reality Department, One Medical CEO Trent Green insisted that their reorganization and layoffs were unrelated to their acquisition by Amazon. Those of us who are a little less credulous know that with 98% of acquisitions, staff are laid off. Overlapping areas wind up being pinkslipped, no matter their individuals’ quality or even difference in business: finance, HR, legal, marketing, IT, operations, compliance, sales, account managers…the list is almost endless. According to the Washington Post article (also Becker’s), One Medical cuts, estimated at up to 400, also included front desk staff, office managers, health coaches, behavioral health specialists and a pediatrician–people who aren’t employed by other Amazon units. One Medical’s corporate offices in New York, Minneapolis, and St. Petersburg, Florida are closing, and its San Francisco office space is reduced to one floor. TTA 14 Feb

One Medical has never been profitable, as this Editor noted when the acquisition was announced as part of the “race to transform healthcare models”. This wasn’t going to last long with Amazon, which has been aggressively been cutting and dumping in other units such as Audible, Prime, and Halo. Marketing Amazon-style with deeply discounted memberships to Prime members also has its limitations. One Medical has a scant 200 mostly urban offices, which means that members outside those areas only have access to virtual visits. It had previously cultivated a patient population of young, mostly healthy and lower-cost urbanites, who as they grow older and have families might stick with the practice–or find it not compatible with or targeted to their needs in middle age. Management has changed: Green replaced Amir Dan Rubin, MD, as CEO last September. CFO Bjorn Thaler will move to a new position focused on growth initiatives. A layer of regional general managers will report to an Amazon head of operations, and legal, finance, and technology teams will report to Amazon’s healthcare business structure. Inbound calls now go to Mission Control, a central call center, and even those humans will be in future supplemented by an AI-enabled chatbot.

Iora Health, One Medical’s specialized (acquired) unit in Medicare Advantage and Medicare Shared Savings Programs including the advanced ACO REACH model, in October was rebranded as One Medical Senior, with an intention for all One Medical offices to serve age 65+–but with current patients, many with multiple chronic conditions, now reporting cutbacks in callbacks, appointment length, physician load, and services provided such as transportation. One clinic had 20 staff cut back to five with patients pushed out to virtual visits–hardly appropriate for a high needs, older, less technologically savvy patient population in value-based care, quality-measured models. Editor’s note: having had some experience in ACO and VBC World, Amazon may as well get out of ACOs because practices in these primary care models require specialized and dedicated management, reporting, and population nurturing. They don’t mainstream well.  I have also read that ironically, Iora was profitable for OneMedical, which is 1) why they bought it and 2) ran it separately.

In this Editor’s view, human costs are a factor shown to be absent from Amazon’s business calculations for success–which doesn’t quite square with the mission of healthcare for healthier patients and better outcomes.

Speaking of the reality of human cost, let’s spare a thought for those dealing with the effects of a cyberattack or data breach. They are the IT staff, pharmacists, software specialists, front line clinicians, billing specialists, doctors, therapists, business managers, coders…the list goes on. They share their feelings of frustration, helplessness, distress, aloneness, and financial fear on Reddit, Twitter/X and other forums. Few think of them taking the brunt of patient frustration and their state of mind day after day as Change/Optum’s disaster goes on and on. Writer Molly Gamble of Becker’s has the final and most sympathetically descriptive say in her brief but important article about When ransomware strikes, who to call?  A full read is recommended.

Helplessness or loss of control, especially at a collective level, can be psychologically and emotionally taxing. Recognizing a threat but not knowing what to do about it can increase one’s stress, anxiety and fear. The lack of a known end point of a cyberattack like Change is experiencing can intensify psychological distress. Some independent therapists, for instance, have noted they have halted their insurance billing for a week due to the downtime and expressed fear about going longer without income. 

These mental effects, while lesser-discussed, are exactly what cyberthreats intend to bring on. Cyberterrorists want to create mental and physical harm, and research has found that the psychological effects of cyber threats can rival those of traditional terrorism.

Facing Future: Walgreens CEO moves company into strategic review–will he get WBA board alignment?

Walgreens’ CEO Wentworth positions for turnaround. “This is not a 12-month turnaround story” said Mr. Wentworth at the TD Cowen healthcare investor conference. To this Editor, the public honesty and lack of cant (a/k/a “PR Speak”) was refreshing. His unobvious caveat though was aligning the board around what he and the new executive team–very few if any carryovers from the prior regime–see as the direction of the company and asset management.

The WBA board is led by executive chairman Stefano Pessina, who has a vested interest in a turnaround. He is the lead individual shareholder of WBA with apparently 10% of shares with other insiders (including the COO of WBA International, Ornella Barra, spouse of Mr. Pessina) having about 17%. Large institutional investors (Vanguard, State Street, etc.) have over 60% of the company. The share price has fallen about 40% in the past year (from early March 2023) and 55% from this time in 2022. (Derived from WBA and Yahoo Finance)

Example: This Editor has estimated from public information that Walgreens sank north of $10 billion into VillageMD, from initial and then controlling interest, then funding the buy of Summit Health/CityMD. This is a huge and recent investment that is going sideways in a span of less than three years. It does take some nerve to walk it back. TTA 22 Feb

Other key points Mr. Wentworth made, according to the most complete report in Crain’s Chicago Business, was that this was not a prelude to some massive unveiling of a New Walgreens, that it would be a ‘starting gun’ for the work to be done, and that investors would be updated through the process. The review will include:

  • Evaluating its 8,000+ location footprint based on current and projected population and type of usage
  • US Healthcare assets including the already shrinking VillageMD [TTA 29 Feb], home care benefit management services primarily for payers CareCentrix, and specialty pharmacy Shields Health Solutions.
  • Shields is apparently no longer up for sale per earlier reports but Boots now may be
  • Smaller assets around clinical trials and pharmacy fulfillment centers

The next earnings call is 28 March, when undoubtedly more will be revealed.

FierceHealthcare caught up to this as well.

Editor’s POV on ‘musts to avoid’: Walgreens’ chief medical officer, Dr. Sashi Moodley, was interviewed during ViVE24 by Mobihealthnews, It is only remarkable in how he sidestepped direct questions beyond the first two lengthy ones on a virtual care initiative, generating a fog of non-answers around VillageMD closures and corporate strategy that became peasoup thick by the last question. (Kudos to Jessica Haden for not going wobbly.) The dubious wisdom of placing a C-level in front of the press at a ‘hard and tough news’ time, one whose expertise is clinical in nature, most comfortable in speaking to that and not corporate strategy, plus evidently has a hard time editing/limiting responses, should be rethought. 

Week 2: Change Healthcare’s BlackCat hack may last “for the next couple of weeks”, UHG provides temp funding to providers, AHA slams it as a ‘band aid”–but did Optum already pay BlackCat a $22M ransom? (updated)

The BlackCat/ALPHV ransomware attack on Change Healthcare’s systems continues. At this point, the Optum systems website doesn’t show anything other than a chronological trail of updates and a long list in very small gray type of Change Healthcare systems affected–no more individual checks on working systems and red Xs on the ones that weren’t. 

  • UnitedHealth Group is setting up a program to loan funds, the “Temporary Funding Assistance Program,” to providers who cannot receive payments while Change systems are down. While without fees or interest, the loans will have to be repaid.
  • In a Tuesday 27 Feb conference call with hospital cybersecurity officers reported by STAT, UHG Chief Operating Officer Dirk McMahon said that the program will continue “for the next couple of weeks as this continues to go on.” This is more of a timeline than UHG has otherwise disclosed.
  • The American Hospital Association (AHA) on Monday slammed the “Temporary Funding Assistance Program” as “not even a band-aid on the payment problems” that hospitals are experiencing. The program is, in their view 1) “available to an exceedingly small number of hospitals and health systems” and with “shockingly onerous” and “one-sided contractual terms” and conditions for payback and verification through access to claims payment data. For their members, “their financial future becomes more unpredictable the longer Change Healthcare is unavailable. UnitedHealth Group, which is a Fortune 5 company that brought in more than $370 billion in revenue and $22 billion in profit in 2023, can — and should — be doing more to address the far-reaching consequences that result from Change Healthcare’s inability to provide these essential hospital revenue cycle functions nearly two weeks after the attack.” 4 March letter to UHG   AHA maintains an update page for members and other providers.
  • US Senator Chuck Schumer wrote 1 March to the Center for Medicare and Medicare Services (CMS) requesting that CMS accelerate payments to hospitals, pharmacies and other providers. Also Becker’s
  • AHA wrote 4 March to all four Congressional leaders detailing the effect on providers, UHG’s assistance program’s inadequacies, and requesting assistance from HHS including requesting “Medicare Administrative Contractors to prioritize and expedite review and approval of hospital requests for Medicare advanced payments.”  

Update: According to First Health Advisory, a cybersecurity firm in healthcare, some large providers are losing $100 million daily because of the interruptions to Change/Optum’s payer systems. CNN, Becker’s

And BlackCat went All Quiet on the Ransomware Front. Bleeping Computer confirmed that BlackCat turned off their servers and took their negotiation website offline over the weekend. “The Tox messaging platform used by the BlackCat ransomware operator contained a message that does does not provide any details about what the gang plans next: “Все выключено, решаем,” which translates to “Everything is off, we decide.”” It has now been changed to “GG”.

This may or may not be related to another development–an affiliate of BlackCat/ALPHV claiming that they were scammed of a $22 million ransomware payment from Optum. These affiliates actually carry out the attacks on cybervictims using encryptors from the main entity. Dmitry Smilyanets of threat intelligence company Recorded Future picked up a message posted by “notchy” that said Change/Optum paid $22 million on 1 March to “prevent leakage and decryption key.” ALPHV suspended their account after receiving the payment and never paid them. This affiliate also claims they still have 4 terabytes of data from Change that goes deep into Tricare, Medicare, MetLife, CVS, and many other payers. As proof on the ransom, “notchy” provided a cryptocurrency payment address with a total of nine transactions. In the ultimate irony, “notchy” warned other affiliates to stop dealing with ALPHV. Cutting off affiliate ties and walking away with the cash, preliminary to another rebrand of BlackCat/ALPHV, formerly DarkSide and Black Matter? Also The Registerand DataBreaches.net–which commented that while Optum may have gotten a decryptor, what about All That Data?