Week 2: Change Healthcare’s BlackCat hack may last “for the next couple of weeks”, UHG provides temp funding to providers, AHA slams it as a “band aid”–but did Optum already pay BlackCat a $22M ransom? (updated)

The BlackCat/ALPHV ransomware attack on Change Healthcare’s systems continues. At this point, the Optum systems website doesn’t show anything other than a chronological trail of updates and a long list in very small gray type of Change Healthcare systems affected–no more individual checks on working systems and red Xs on the ones that weren’t. 

  • UnitedHealth Group is setting up a program to loan funds, the “Temporary Funding Assistance Program,” to providers who cannot receive payments while Change systems are down. While without fees or interest, the loans will have to be repaid.
  • In a Tuesday 27 Feb conference call with hospital cybersecurity officers reported by STAT, UHG Chief Operating Officer Dirk McMahon said that the program will continue “for the next couple of weeks as this continues to go on.” This is more of a timeline than UHG has otherwise disclosed.
  • The American Hospital Association (AHA) on Monday slammed the “Temporary Funding Assistance Program” as “not even a band-aid on the payment problems” that hospitals are experiencing. The program is, in their view, “available to an exceedingly small number of hospitals and health systems” and comes with “shockingly onerous” and “one-sided contractual terms” and conditions for payback and verification through access to claims payment data. For their members, “their financial future becomes more unpredictable the longer Change Healthcare is unavailable. UnitedHealth Group, which is a Fortune 5 company that brought in more than $370 billion in revenue and $22 billion in profit in 2023, can — and should — be doing more to address the far-reaching consequences that result from Change Healthcare’s inability to provide these essential hospital revenue cycle functions nearly two weeks after the attack.” 4 March letter to UHG. AHA maintains an update page for members and other providers.
  • US Senator Chuck Schumer wrote 1 March to the Centers for Medicare and Medicaid Services (CMS) requesting that CMS accelerate payments to hospitals, pharmacies and other providers. Also Becker’s
  • AHA wrote 4 March to all four Congressional leaders detailing the effect on providers, UHG’s assistance program’s inadequacies, and requesting assistance from HHS including requesting “Medicare Administrative Contractors to prioritize and expedite review and approval of hospital requests for Medicare advanced payments.”  

Update: According to First Health Advisory, a cybersecurity firm in healthcare, some large providers are losing $100 million daily because of the interruptions to Change/Optum’s payer systems. CNN, Becker’s

And BlackCat went All Quiet on the Ransomware Front. Bleeping Computer confirmed that BlackCat turned off their servers and took their negotiation website offline over the weekend. “The Tox messaging platform used by the BlackCat ransomware operator contained a message that does not provide any details about what the gang plans next: ‘Все выключено, решаем,’ which translates to ‘Everything is off, we decide.’” It has now been changed to “GG”.

This may or may not be related to another development–an affiliate of BlackCat/ALPHV claiming that they were scammed out of a $22 million ransomware payment from Optum. These affiliates actually carry out the attacks on cybervictims using encryptors from the main entity. Dmitry Smilyanets of threat intelligence company Recorded Future picked up a message posted by “notchy” that said Change/Optum paid $22 million on 1 March to “prevent leakage and decryption key.” ALPHV suspended their account after receiving the payment and never paid them. This affiliate also claims they still have 4 terabytes of data from Change that goes deep into Tricare, Medicare, MetLife, CVS, and many other payers. As proof of the ransom, “notchy” provided a cryptocurrency payment address with a total of nine transactions. In the ultimate irony, “notchy” warned other affiliates to stop dealing with ALPHV. Cutting off affiliate ties and walking away with the cash, preliminary to another rebrand of BlackCat/ALPHV, formerly DarkSide and BlackMatter? Also The Register and DataBreaches.net–which commented that while Optum may have gotten a decryptor, what about All That Data?

News and deals roundup: AHA opposes Optum buy of Change Healthcare; big raises by Komodo Health, Evidation Health, Ro’s $500M; Appriss acquires PatientPing

Sometimes $13bn Mega Deals run into powerful opposition. The nearly 5,000-member American Hospital Association (AHA) is opposing UnitedHealth Group’s Optum’s acquisition of software/analytics/revenue cycle management (RCM) company Change Healthcare. The AHA is urging that the Antitrust Division of the Department of Justice (DOJ) review it on anti-competitive grounds. Their position is that the OptumInsight integration of Change, planned for Q2, will drastically reduce competition for health care information technology (IT) services to hospitals and other health care providers, driving up costs to hospitals and patients. Optum is already one of the largest in this sector. It would also shift data from a third-party company to a subsidiary of the US’ largest payer. Change is the largest independent provider of health IT services for payments and RCM. Though substantial divestitures are part of the deal, the AHA opposition may kick off the same from other healthcare groups and successfully force DOJ to take action. FierceHealthcare, AHA letter to DOJ (PDF link).

Dizzy Digital Health Deals Continue This Week. Data analytics companies haven’t been as hot as other areas of digital health closer to telehealth and behavioral health, but Komodo Health just completed a big Series E of $220 million. This follows their snack-sized January Series D of $44 million (Crunchbase). Komodo feeds their 325 million patient encounter database drawn from EHR, pharma, lab, and government data into their proprietary software for analytics to drive better health outcomes across therapeutic areas. Their primary markets are life sciences and pharma for R&D, clinical trials, and medical affairs. The Series E was led by Tiger Global Management, which earlier this month invested in Tyto Care and Dispatch Health [TTA 4 March], with Casdin Capital plus existing investors ICONIQ Growth, Andreessen Horowitz, and SVB Capital. Release 

Evidation Health, another data aggregation and analytics company, raised $153 million in a Series E led by OMERS Growth Equity and Kaiser Permanente Group Trust for a total funding since 2012 of $259 million. This will be used for building out their virtual health analytics and research platform, Achievement. Release

In direct-to-consumer healthcare, integration gets tighter. For those who can stand their tacky commercials for Roman, you’ll be seeing many more of them because parent DTC/telehealth company Ro just raised $500 million in a Series D round, led by General Catalyst, FirstMark Capital, and TQ Ventures. The intent of co-founder Zachariah Reitano is to combine a nationwide telemedicine, pharmacy distribution, and in-home care network. Their total funding since 2017 is $876 million. According to the TechCrunch article, Ro is building out a patient-centric ‘vertical optimization’ model with 10 pharmacies scheduled for 2021 and the ability to provide 500 common drugs at $5 per month. Earlier this year, Ro acquired Workpath, a software platform that enables healthcare companies to offer on-demand, in-home care, and diagnostic services. Look for Ro to make another acquisition or two this year to bolster their telehealth capabilities. Release

PatientPing, a care coordination software company that connects providers and notifies them of patient events to create continuity of patient care, is in an agreement to be acquired by Appriss Health, a 25-year-old SaaS software company primarily known for behavioral health care coordination and data analytics solutions to identify and mitigate substance use disorders. The combined company will cover 1 million professionals, 2,500 hospitals, 7,500 post-acute facilities, 25,000 pharmacies including every national pharmacy chain, and 43 state governments. Neither the terms of the transaction nor the valuation or management transition were disclosed, but closing is expected in Q2. Release