TTA’s Finally 2025: Walgreens loses, stock up; fundings for Cera, Qventus, Solera; General Catalyst picks AWS; 3 consolidations; senior social companions at CES, more!

 

 

Now that we’re officially past the ‘happy new year’ greetings, it’s time for the 2024 financial reports and 2025 forecasts–some good, some not. Companies are scoring decent raises for the first time in two years, while PE General Catalyst is cutting deals with AWS. M&A activity concentrates on consolidation and integration. And we highlight two social companions for seniors’ tabletops.

2024 earnings roundup: UnitedHealth Group and Masimo (Closing out an annus horribilis)
Short takes: UK’s Cera raises $150M, $105M for Qventus, Solera Health’s $40M; General Catalyst’s AWS deal, Virta Health hits $100M in revenue, powered by GLP-1 maintenance; VirtuAlly’s JC telehealth accreditation
M&A consolidation + integration continues with Health Catalyst-Upfront Healthcare, New Mountain-Access Healthcare and Machinify, SuperDial-Major Boost (As predicted)
Walgreens’ kicks off FY 2025 with a wider net loss of $265M; shares rise 25% as closures, sales, and cost-cutting continue (Prelude to a sale?)
AI-powered senior companions hit the tabletops at CES: ElliQ’s Caregiver Solution, ONSCREEN Joy (Making social communication easier for older people)

Our opening was devoted to rounding up the inter-holiday period and looking forward to 2025. 2024’s end held a few sneaky surprises such as NeueHealth going private via investor NEA, another General Catalyst consolidation, and a few more under the wire fundings. Not surprising was UHG and Amedisys extending their runway–as well as VA with Oracle Health rollouts. Looking at 2025, Walgreens and their inevitable sale, experts predict, and Glen Tullman’s Transcarent buys up the competition. 

News roundup #2: why Walgreens is considering selling to a PE, December fundings, 2024’s surprises, M&A ’25 predictions, Transcarent buying Accolade for $621M (Why should Glen Tullman wait on a big buy?)
News roundup #1: UHG-Amedisys extended, NeueHealth going private in NEA’s ‘deal deal’, Commure buying Memora Health, VA resuming Oracle rollouts–now mid-’26 (NeueHealth continues to defy gravity and Reality)

We wound it up for 2025 with a year’s end newsletter to our Readers with a few Quirky Predictions and some Santa Wishes. A lot of news around telehealth in the continuing US budget wrangle that was finally passed for a few months, raises making it inside the 2024 wire, UHG sued by Nebraska over Change and insider trading, Redesign Health’s fresh funding, Withings’ new BPM, removing language barriers using telehealth, and quite a bit more.

A year’s end newsletter to our Readers: a few wishes for Under the Tree, a few Quirky Predictions for 2025  (We stay true to being opinionated!)
News roundup: Precision’s $102M raise, more on BCI; Withings clears BPM Pro 2; Nebraska 1st state to sue Change/UHG, related insider trading update; VA Oracle go-lives may resume; ATA intros CODE; ClearDATA HITRUST certified (UHG’s Mound of Misery grows)
Rounding up last of 2024’s M&A/fundings: Redesign Health’s $175M, HEALWELL AI buys Orion Health, startup Tuva Health’s $5M (In the bank for 2024)
Federal budget continuing resolution battle could derail or delay telehealth extensions, physician fee increase, PBM reforms (updated 19 Dec) (Cut down by 90%, it may pass)
Perspectives: How Telehealth is Transforming Access for Limited English Proficiency (LEP) Patients (Removing a critical barrier)

The countdown to the holiday continues, with Walgreens working on a sale to a PE, kiosks reemerging, investigating a Masimo proxy war player, and shareholders sue HealthTap. CareMax sells the rest of itself, benefiting a 15% investor–and leaves 530 workers with coal in their stockings. Maternal monitoring in Malawi and healthcare workplace violence may make virtual nursing more attractive. And the tragedy of UnitedHealthcare’s CEO murder deepens with the suspect’s capture.

Short takes: improving healthcare worker safety; CareMax may ax 530 jobs in bankruptcy/sale, finds 2nd buyer; $15M Series A for Evidently, $35M Series B for Hyro AI (Both coal and presents in stockings)
Breaking: Walgreens in talks to sell out to PE Sycamore Partners (A speedy denouement?)
Perspectives: Virtual Nursing Optimism Grows, But Providers Remain in Early Stages (AvaSure guest editorial)
News roundup: OnMed to debut CareStation at January CES, former HealthTap employees sue investor MDV, maternal monitoring spotlight with PeriGen/Texas Children’s in Malawi, Ouma Health-Marani Health partner (Kiosks and lawsuits reemerge)
Breaking: suspect in UnitedHealthcare CEO’s murder arrested in Pennsylvania, to be arraigned tonight (updated) (The tragedy expands)
Masimo update: SEC announces investigation of RTW Investments and role in proxy war voting (Next act in Masimo drama)

Our kickoff towards the holiday season very sadly starts with the shocking murder of UnitedHealthcare’s CEO en route to a meeting in midtown Manhattan. There’s an abundance of other news. Black Basta and Salt Typhoon are hacking telecoms, there’s a brace of M&A action from healthcare staffing to RPM to PR, and technology action includes Neuralink and mood prediction to sleep activity. But the sad trombone continues to play for 23andMe and VillageMD.

Weekend short takes: Merative’s $25M funding, Risant closes on Cone Health, Aya buys Cross Country staffing for $615M, Supreme Group acquires Amendola PR
BT Group hacked by Black Basta, China’s Salt Typhoon breached 8 telecoms in dozens of countries, government records 
News roundup: VA’s 2025 EHR budget + vendor breach, Neuralink robot arm study, linking mood prediction to sleep, CoachCare buys Revolution Health RPM/CCM, Seen Health’s $22M launch, Spectrum.Life in Deloitte Ireland’s Fast 50
Breaking: UnitedHealthcare CEO Brian Thompson murdered in NYC
Wojcicki: I’m transforming 23andMe to be ‘viable’ and thriving–but had ‘no idea why her board resigned’ (Sad Trombone 1)
VillageMD’s co-founder/CEO resigns as Walgreens continues the brush-off after billions in losses (Sad Trombone 2)


Have a job to fill? Seeking a position? See jobs listed with our job search partner Jooble in the right sidebar!


Read Telehealth and Telecare Aware: https://telecareaware.com/  @telecareaware

Follow our pages on LinkedIn and on Facebook

We thank our advertisers and supporters: Legrand, UK Telehealthcare, ATA, The King’s Fund, DHACA, HIMSS, MedStartr, and Parks Associates.

Reach international leaders in health tech by advertising your company or event/conference in TTA–contact Donna for more information on how we help and who we reach. 


Telehealth & Telecare Aware: covering the news on latest developments in telecare, telehealth, telemedicine, and health tech, worldwide–thoughtfully and from the view of fellow professionals

Thanks for asking for update emails. Please tell your colleagues about this news service and, if you have relevant information to share with the rest of the world, please let me know.

Donna Cusano, Editor In Chief
donna.cusano@telecareaware.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

2024 earnings roundup, after a dramatic year: UnitedHealth Group and Masimo

UnitedHealth Group’s annus horribilus closed out with a decent, but not up to earlier projections, financial report.

Having opened in February with the massive (and massively expensive) ransomware/hack of Change Healthcare, UHG didn’t have a lot of bright spots. Elevated utilization rates increased expenses; changes in Medicare Advantage reimbursements and the STAR ratings metholodogy changes reduced bonus payments.

Then, in the early, dim morning of their 4 December investor day in NYC, UnitedHealthcare’s CEO Brian Thompson was murdered while entering the New York Hilton Hotel. The manhunt and the controversy set off by the perpetrator’s so-called ‘manifesto’ exploded into a hurricane of severe public criticism on how plans process claims and treat members, a traditional and social media/online storm that only diminished around Christmas and the rise of other news. In literal fear for their lives, health plan executives took the lowest profiles they could manage. 

UHG’s earnings, while positive overall, reflected this uncertainty with lower Q4 revenue causing them to miss Street estimates. Share price fell over 6% today (Thursday). 

  • UHG’s Q4 revenues were $100.8 billion versus $94.4 billion in the prior year, up 6.8%. Profit of $5.5 billion was flat versus prior year. UHG’s 2024 revenues were $400.3 billion, 7.7% higher than 2023’s $371.6 billion. 
  • Health plan unit UnitedHealthcare’s 2024 revenues were $292 billion, up 6%, with operating earnings of $15.2 billion. US commercial members grew by 2.1 million.
  • Their 2024 medical cost ratio — the percentage of premiums spent on medical care — rose to 85.5%, far higher than 2023’s 83.2%, exceeding analysts’ projections of 84.96% and far above the targeted 80%.
  • Optum’s revenue, affected by the Change Healthcare hack and ransomware payments, still rose to $253 billion, up $26.3 billion or 12% versus prior year. The Optum Insight unit, which includes Change, had revenues of $18.8 billion, declining 1% because of the $867 million loss due to business disruption.

UHG release, FierceHealthcare, CNBC 

UHG also announced:

  • The Optum Rx unit will now pass through 100% of rebates negotiated with drugmakers to their clients–insurers, states and unions. This is up from 98% since 2% have preferred other rebate models. FierceHealthcare
  • UHG and Amedisys filed last week in the US District Court of Maryland to have the November Department of Justice suit dismissed. They cited that the DOJ did not adequately prove that the $3.3 billion acquisition would be anti-competitive. For one, the DOJ did not adequately define or provide detail on the geographic markets that would become be non-competitive. FierceHealthcare  They extended their deal deadline to the end of 2025 last month.
  • Change Healthcare stated yesterday that it has ‘substantially’ completed notifying affected consumers of their breach. Interestingly, if you use a search engine to try to find the breach notice, you’ll have a great deal of trouble–because the source code contains a hidden “noindex” code on the notice. ‘Noindex’ code tells search engines to ignore the web page–and has been there, apparently, since 20 November 2024. UHG has also not publicly disclosed a more exact number of those affected beyond the long-ago estimate of 100 million. TechCrunch   The state of Nebraska has sued UHG, Optum, and Change over the breach [TTA 19 Dec 2024

Masimo, ending a dramatic year of its own, now firmly in the control of Politan Capital Management despite flying lawsuits with former CEO Joe Kiani and an SEC investigation announced last month, issued its preliminary 2024 closing financials and their 2025 guidance. What’s hot–their consumer and professional medical devices, including smartwatches, that measure vital signs including pulse oximetry. What’s not–their audio business under Sound United, which is on the block.

  • 2024 healthcare revenue was up smartly by 9% to $1.395 billion. 
  • 2025 healthcare revenue is projected to increase 8-11% in the range of $1.5 billion to $1.53 billion. Non-GAAP operating profit is projected for 2025 at $398 million to $406 million.
  • Non-healthcare revenue (a/k/a Sound United) was $699 million. That declined 10% decline on a reported basis. 
  • Non-GAAP EPS for 2024 was $4.10. 

For 2025, Masimo is ending reporting for the Sound United business nor providing 2025 guidance since they are selling it. The only guidance they are giving is on the healthcare business. If one does the math–selling off Sound United will take out $700 million from their revenue. One more thing…updated results will be postponed until their investor call, delayed until Tuesday, 25 February. Mass Device, Masimo release

News roundup #1: UHG-Amedisys extended, NeueHealth going private in NEA’s ‘deal deal’, Commure buying Memora Health, VA resuming Oracle rollouts–now mid-’26

The end of year is a favorite time to slip in news that deserves wider notice. Sometimes it’s by design so as not to be noticed…and sometimes it’s timing. Or both. Here’s a potpourri of analyses of late December moves of note.

UnitedHealth Group and Amedisys home health agreed to extend their deal window to 31 December 2025. Amedisys filed regulatory paper on 26 December (file here) that moved the acquisition termination date to end of this year, or alternatively to 10 business days after a final court ruling blocking the merger. The latter is a distinct possibility since the Department of Justice back on 12 November filed a lawsuit to prevent the acquisition [TTA 14 Nov 24] on anti-trust grounds, joined by the attorneys general of four states. Amedisys, a major competitor to UHG/Optum, would be merged into Optum’s existing home health operations.

This long-running acquisition started back in June 2023 as an all-cash deal for $3.3 billion and went into DOJ review by August. The target closing at that time was end of 2024 as both companies knew that divestitures would be necessary. The penalty for non-completion was also upped to $325 million if needed divestitures to the VitalCaring Group proposed last July aren’t completed by 1 May. Even with a new Attorney General coming in after Senate confirmation, the wheels are already in motion for this antitrust action that throws a completion into doubt. Becker’s, Healthcare Dive

Gimlet EyeNeueHealth to be taken private by New Enterprise Associates (NEA) and other investors. The latest episode of the long-running NeueHealth (formerly BrightHealth) show dropped on 23 December. Existing investor NEA and 12 other investors with preferred shares in the company will take it private at an enterprise value of approximately $1.3 billion and roll over their shares for equity in the private company. Other holders of common stock will be cashed out, receiving $7.33 per share, a premium of 70% over the $4.31 closing on 23 December. The final price may change as common shares went up sharply the next day and remain up–today (8 January) opened at $7.49. Closing timing of this ‘deal deal’ is dependent on shareholder and regulatory approvals. Management will remain and roll over their shares into the company. Hercules Capital’s loan facility remains in place.  

Buried in the release is this caveat: “The merger agreement includes a 30-day “go-shop” period that will expire at 12:01 AM New York City time on January 23, 2025, which permits the Special Committee and its financial advisors to solicit and consider alternative acquisition proposals.” These proposals will be kept under wraps. But in this Editor’s view, outside offers are highly unlikely given the company’s death-defying history, continuing losses, and Ticking Time Bombs (see below). Their Q3 results had projected full-year 2024 adjusted EBITDA between $15 million and $25 million–but they lost $40 million in Q3 with the 2024 loss to date over $102 million.

As Ari Gottlieb dryly noted in his LinkedIn post, the company is $1.4 billion in debt. $7.33 per share is quite a comedown from the June 2021 IPO at $18 and an $11 billion valuation. The payout to the 36% of shares held by the other public shareholders is a paltry $21 million. Bottom line–NEA and the preferred investors are buying the company for $21 million–such a deal!

This Editor has previously and Gimletly noted NeueHealth’s high-wire act. It has truly Dodged Disaster with aplomb, skillfully creating its Own New Reality. But its Ticking Time Bombs remain: $300 million in CMS Repayment Agreements due on or before 14 March 2025 and $89 million owed to Texas from last year to cover risk liabilities for its shuttered ACA plans [TTA 14 Feb]. To be continued…   Release, Star-Tribune, FierceHealthcare

Commure bought digital health navigation platform Memora Health. Neither acquisition cost nor management transitions were disclosed on 20 December. Commure has one of the more interesting stories out there as the current company emerged from a General Catalyst-engineered estimated $6 billion merger between Commure and Athelas, with Athelas taking the upper hand in the reorganization [TTA 23 Oct 2024]. It should then be no surprise that Memora has significant investment from General Catalyst, which led its last round of funding in April 2023, making this another investor-arranged deal.

Commure’s primary products are the Strongline duress systems for worker distress and patient elopement and the Patient Keeper EHR, with Athelas in revenue cycle management and sensor-based remote patient monitoring. The combined company now features AI-aided workflows, RCM, duress systems, and a software development platform accessible to outside vendors. What Memora is primarily known for is automating practice follow-up texts before and after procedures. The Memora acquisition is positioned as reinforcing CommureOS’ clinical documentation, RCM, and real-time location services (RTLS). In October, Commure closed their acquisition of Augmedix, an AI-assisted physician scribe used by 20 health systems, for $139 million ($2.39/share), giving it a huge leg up into those providers. Augmedix IPO’d via a SPAC in 2021 at $4/share. About 400,000 physicians are claimed to be users of the Commure suite of products.  Release, Mobihealthnews, Endpoints, FierceHealthcare (Augmedix)

And what end of year would it be without a hopeful note from the VA about the Oracle Cerner rollout–now continuing in mid-2026? The Department of Veterans Affairs (VA) on 20 December officially targeted mid-2026 for four Oracle Cerner implementations, 18 months from now. It’s carefully hedged that they are beginning ‘early-stage planning’ for deployment in four Michigan facilities — Ann Arbor, Battle Creek, Detroit, and Saginaw. Meanwhile, improvements will continue at the five sites that use Oracle Cerner plus the sixth joint implementation with the MHS (Lovell). Interestingly, the current VA secretary, Denis McDonough, announced at an 11 December press conference that new implementations would start before the end of 2025 [TTA 19 Dec 2024]. This Editor assumes that the staff sharpened their pencils and recalculated right before Christmas. What’s also hopeful for Oracle and the VA are continuing  improvements in veteran outpatient trust and clinician satisfaction scores, as well as effectively eliminating outages for 200 days as of the release date. VA release, Healthcare Dive 

Bad News Roundup updates: UHG/Optum defends Amedisys buy fast via a website, digging deeper into Forward’s fast demise, former Masimo CEO Kiani booted–and sued (updated)

The other shoe drops, as UnitedHealth Group/Optum take their defense public a day later. This unorthodox approach to defending an acquisition against a Department of Justice lawsuit [TTA 13 Nov] is visible on a specially set up Optum page. ImprovingHomeCare.com predictably highlights the benefits of an Amedisys merger along with the divestitures to VitalCaring Group. The gauntlet thrown is unadorned: “The Amedisys combination with Optum would be pro-competitive and further innovation, leading to improved patient outcomes and greater access to quality care. We will vigorously defend against the Department of Justice’s overreaching interpretation of the antitrust laws.”

  • Setup is around present and future demand–and that providers have to be capable of investing and scaling to meet it. “70% of adults 65 or older will likely need some form of long-term care during their lives.” and 3 million Americans received home health services in 2020 (Editor’s note–in a pandemic year when visits were certainly curtailed).
  • Home health is highly fragmented both nationally and locally, thus the acquisition isn’t anti-competitive. “In metropolitan areas with approximately 500,000 residents, there are an average of 26 agencies serving the metro area. The combination of Optum and Amedisys would be a fraction of both home health and hospice–and there would be strong competition in both metro and rural areas.
  • The divestiture to VitalCaring would further preserve competition, and that VitalCaring is a quality competitor. The DOJ release made much of VitalCaring’s inadequacies, such as their lower quality scores, financial difficulties, and leadership. VitalCaring, headquartered in Austin, Texas, currently operates in six states with 58 locations with plans to expand. Their CEO April Anthony is cited as building multiple home health companies ‘from scratch’ such as Encompass Care.
  • Additional proof points stress streamlining of care across Optum’s areas of expertise, integrating technology, and improving value-based care coordination.

FierceHealthcare

Forward’s shut down continues to reverberate in a classic tale of overreach and misdirection. Their bet on kiosks, plus a ‘forward-tech’ approach to a concierge-on-the-cheap, no- insurance-accepted model of primary care over eight years, apparently led to what pilots call a death spiral–it begins wide and imperceptible until it tightens and accelerates fatally in a final dive. Business Insider, true to its name, spoke with 11 anonymous and now former employees who attributed the failure to putting all their chips on 3,200 CarePods installed in one year. Their CEO, Adrian Aoun, was obsessed with technology to the point where he wanted to replace his offices and doctors with CarePods and started to strip the clinics of services, despite only two CarePods installed. 

Most advanced, yet unacceptable*. Patients didn’t try out or use the CarePods, finding them less than inviting. Logistical challenges delayed placements in large markets like New York and Chicago. Then technical problems mounted: automated blood draws failed, lab tests were withdrawn. The coup de grace–patients kept getting trapped in the CarePods. They were insanely expensive–the first two CarePods cost over $1 million each. Then the huge units were unattractive to landlords who didn’t want to fight local building codes nor saw a profit in them. By the end of the summer, there were only two CarePods in place at a mall in Sacramento and in Chandler, Arizona, both gathering dust. (*Shout out to Raymond Loewy, Never Leave Well Enough Alone)

In the increasingly empty Forward clinic offices, the futuristic tech and breadth of services touted in social media adverts weren’t quite as advertised. The whole-body scanner glitched requiring manual checks. Their lab tests became limited to those that could be done in-house, eliminating genetic testing via 23andMe along with services such as simple dermatology removals.

Christina Farr in Second Opinion has a set of takeaways worth noting, with this Editor’s comments (in parentheses):

  • Subscription-based, out-of-pocket healthcare is possible–but hard. (WAY hard when basics are up 25%+! And insurance is almost a given, even if taken in part.)
  • Brick-and-mortar clinics make only limited sense–and space must be used economically, not easy to do in health tech. (Retail and in-person are perhaps anathema in the concepts of those in health tech.)
  • We’re not focusing on those who really need care (But they’re not sexy, wealthy, or relatable to the creators of said tech. Many of them are also on Medicare and Medicaid–truly not sexy.)
  • Primary care is a tough starting point for subscription care (Except the very highest, most exclusive end as she notes!) Specialties may be more amenable to this model. (But volume?) And different age groups want different relationships within this type of care.
  • Timing is everything. Perhaps if Forward had started its clinics today it would have had a far better chance of success? (Then look at bullets 1-4 and see how truly daunting a tech-first clinic setup can be for the tech mindset untempered by research and UX-minded marketing.)

Forward is yet another sad and expensive example of 1) a founder hyperfocusing on whiz-bang technology, 2) losing touch with the customers using it, 3) not improving delivery based on customer needs, and 4) forgetting where he ostensibly started–the mission of improving healthcare. This Editor is sure that his 30-odd investors, especially Vinod Khosla, will have something to say to him about running through $100 million in one year–and over $300 million over eight years.

Masimo’s now-former CEO booted from his company and sued–to boot! (updated) The new management formally terminated founder Joe Kiani on 24 October, as noted in an October SEC filing. In a classic ‘you’re fired..no, I quit!’ situation, after he lost the proxy fight for control of the company, he resigned on 19 September. Kiani immediately filed a lawsuit against Masimo in California state court to obtain a $400 million payout per his employment contract. It is reported to be a declaratory relief suit that hinges on a ‘resignation for good reason’. This is usually specified in the contract. An example is that the executive ceases to be part of senior management, along with others.

The new board of directors has now turned the tables. Masimo is now suing Kiani and RTW Investments in the US District Court for the Southern District of New York. The complaint alleges collusion to violate Federal securities laws by secretly manipulating the shareholder vote through an ’empty voting’ scheme. Empty voting is done through put options or by selling the shares after the record date but before the shareholder meeting. It’s a way for an investor to build up share control and sway the outcome of a shareholder vote at little cost. The suit proposes that Kiani and RTW did precisely that, rigging the vote by acquiring control of over 19% of shares. Evidently, the BOD has proof. The lawsuit and more details are in Strata-gee.

(Editor’s opinion: this is a bare-knucks attempt to claw back Kiani’s contract payout by the new controlling company, Politan Capital Management. And both lawsuits could be true. Pass the popcorn.)

Insult upon injury for Joe Kiani is that shareholders now have some hope that management can save the company by concentrating on healthcare tech. Shares are up. Masimo’s Q3 results reported on 5 November were strong though net income declined. Sound United, the main anchor dragging down the company, is now termed ‘a discontinued operation’. Exhaustive detail on their results is in Strata-gee here.

Class action legal action by pharmacists, providers ramps up against Change Healthcare/UnitedHealth Group

More litigants in a legal pile-on in Minnesota. The National Community Pharmacists Association (NCPA), with 19,000 pharmacy members, and around 40 providers have filed suit against UnitedHealth Group, Optum, and Change Healthcare in the US District Court for the District of Minnesota. The 140-page document charges that UHG/Optum/Change had substandard network security in their clearinghouse operations, leading to the Blackcat/ALPHV breach, and that the plaintiffs might have chosen another clearinghouse and revenue cycle management platform had they known this. The pharmacists and providers all suffered monetary damages from the outage that are still unresolved.

From the press statement, NCPA CEO B. Douglas Hoey: “NCPA was against UnitedHealth’s acquisition of Change from the start. This breach proves that bigger is not better and that consolidation often leads to inefficiencies. Companies are so big they cannot protect every entry point and cannot respond quickly due to internal bureaucracy. The fact issues remain unresolved is a testament to this point. This breach has cost our members a significant amount of money and time and it is still not resolved months later.” He also pointed to the pharmacies’ losses remaining unpaid, financial losses, and taking losses for vulnerable patients with high-cost prescriptions.

According to Healthcare Dive, the multiple lawsuits against UHG must be centrally filed in Minnesota, as ordered by a Federal judicial panel, since UHG is headquartered there. Nothing will move quickly, as class action suits typically take two or more years to be heard and then appealed.

Change started its HHS-OCR mandated process of notifications around 20 June with hospitals, insurers, and other customers. Individuals and practices were not scheduled to be notified until late July but no date has been announced. The Change website also contains a very carefully worded ‘HIPAA Substitute Notice’ that reads like a consumer data breach notification. TTA 21 June

Follow up roundup: Amwell to reverse stock split to avoid delisting (updated), Amazon Clinic folded into One Medical, Amedisys divesting to close UHG deal, latest on Steward Health’s antics and $7M spying, Masimo’s shareholder fight (latest)

Amwell will reverse stock split to fix their pending delisting on the NYSE. The board of directors approved on 28 June a 1 for 20 reverse split. This will remedy their non-compliance with NYSE regulations requiring an average closing price of above $1.00 over a consecutive 30 trading-day period [TTA 5 Apr]. Shareholders approved the move at their meeting on 18 June. The NYSE notice was given on 2 April and the reverse split will happen at the market open on 11 July, well within the six-month window. Amwell Class A shares closed yesterday at $0.27 so that condensing 20 shares will bring the share price around $5.40. Amwell’s 2024 is forecast with revenue in the range of $259 to $269 million and adjusted EBITDA in the (less) red between ($160) million to ($155) million, with no breakeven in sight until 2026. Their Q1 posted a $73.4 million net loss. Amwell has also released 10% of staff since the palmier days of 2023. Amwell, like Teladoc, continues to struggle in a stand-alone urgent care model that is now obsolete. Release, Healthcare Dive

Update 11 July: Amwell shares opened today at $6.52, and as of midday were trading at $7.51. So short term, the reverse split is working to plump up the shares.

Amazon says goodbye to Amazon Clinic by folding it into One Medical. This should come as no surprise to Readers who noted the  May departure of Clinic’s general manager Nworah Ayogu, MD to VC Thrive Capital with no replacement or search. Amazon’s announcement on 27 June was typically upbeat in renaming the service as One Medical’s Pay-per-visit telehealth. The improvements they claim are:

  • Pay-per-visit telehealth for 30+ common but minor conditions, like pink eye, the flu, or a sinus infection
  • A One Medical monthly or annual membership plan that includes on-demand virtual care and same or next-day appointments at 150+ One Medical primary care offices
  • More affordable–messaging/asynchronous visits are now $29, formerly $35, and video visits at $49, formerly $75. 

The catch–existing Clinic members have to log into One Medical to access their records and the service. Amazon is also propping up One Medical through Prime membership, offering a better deal at $99/year and non-Prime individuals for $199 per year. Amazon does not disclose users, growth, or revenue for either Clinic or One Medical. Healthcare Dive

The long-delayed UnitedHealth-Amedisys home health deal moves closer to closing. Amedisys and UHG’s home health operation under Optum will be divesting some of their locations to VitalCaring Group to avoid Department of Justice anti-trust concerns. The divestiture is contingent on the acquisition closing, now projected in second half of this year. The number of locations was not disclosed though earlier speculation had estimated it at 100. UHG’s offer to acquire Amedisys was made in June 2023 for $3.3 billion in an all-cash deal. It would be additive to its earlier $5.4 billion buy of LHC Group, now part of Optum. With the divestiture, analysts do not see any impediments to a closing, though it had faced opposition in Oregon in March and DOJ opposition since it was announced. This Editor remains sanguine about a successful closing. After UHG won versus DOJ in the Change Healthcare acquisition, “DOJ has a long memory, a Paul Bunyan-sized ax to grind, and doesn’t like losing.” Expect a few more impediments tossed in their direction over the next months. FierceHealthcare , Zack’s Research

The latest episodes in the continuing soap opera of Steward Health involve both Optum and James Bond moves on their critics. Optum had offered back in March to buy their practice groups under Stewardship Health, which stalled with first the Massachusetts Health Policy Commission (HPC), then their bankruptcy. That offer is now off, leaving Steward in the lurch. It was critical to $75 million of Steward’s debtor-in-possession (DIP) financing as recently as 13 June [TTA 14 June]. The deal would have been problematic anyway for Optum as they are under DOJ scrutiny not only for Amedisys but also because Optum controls or has arrangements with 10% of US physicians, 90,000 to date. Healthcare Dive They also settled recently with DOJ for $20 million on Optum Rx’s filling orders from a mail-order pharmacy in Carlsbad, California between 2013 and 2015 for Schedule II drugs: opioids, benzodiazepines, and muscle relaxants. Healthcare Dive

Adding to Steward’s piles of misery are the latest revelations that Steward financed a $7 million spy operation on their critics. This loony aspect to the Steward endgame involved contracting with UK investigators on surveilling a critical former executive, a British financial analyst, and a Maltese politician to find compromising actions between 2018 and 2023. The investigations were allegedly authorized and prioritized by Steward’s top executives while Steward struggled to pay bills for its hospitals and practices. Payments to the investigators were routed through Steward’s Malta operation against their critics in Malta and elsewhere. Steward at the time was embroiled in a dispute around their management of hospitals in Malta, which was eventually investigated and terminated by a Maltese court last year.

One example: the UK firm Audere “collected embarrassing personal information and photographs of a former Steward employee after Steward feared he would leak financial information to its auditor.” Another was the investigation and harassment of a British financial analyst, Fraser Perring, critical of Steward’s actions in its dealings with Medical Properties Trust (MPT). He was followed, his home CCTV was disabled, his home was broken into, family members and his partner were followed. Perring was also being smeared on Twitter through an account set up by Audere. There is much more on this in OCCRP’s report, published (paywalled) in the Boston Globe and Times of Malta. OCCRP’s full report and findings are here. FierceHealthcare

Electronics, audio, and medical device company Masimo continues to fight a hostile activist investor, Politan Capital Management. In December 2023, Masimo notched a significant win via the International Trade Commission versus Apple’s Series 6 and later Watches that forced Apple to disable its pulse oximetry (SpO2) sensors and software that violated Masimo’s smartwatch patents [TTA 28 Dec 2023]. Politan descended on Masimo in April accusing CEO and chairman Joe Kiani and others of mismanagement, including the 2022 acquisition of Sound United’s audio brands. It won two seats on the Masimo board of directors at the last shareholders’ meeting and is demanding two more seats at this year’s meeting on 25 July which would give it effective control.

The latest in the proxy fight is that the chief operating officer, Bilal Muhsin, will depart after 24 years at Masimo if Joe Kiani is forced out. The brief conditional resignation was sent to Masimo’s lead independent director, Craig Reynolds. Mentioned in the resignation was that he would refuse to work with Quentin Koffey, a Masimo director and chief investment officer of Politan Capital. More letters like this may be coming as reportedly Masimo management has urged employees to sign similar letters. Strata-gee, MedTech Dive  

Politan was the investment group that upended Centene Corporation and ousted most of Centene’s board plus 25-year CEO Michael Neidorff in 2022 shortly before his death on 7 April 2022 [TTA 18 Dec 2021]

Update: 300 engineers in Masimo’s healthcare division expressed specific support for Joe Kiani against Politan and Quentin Koffey in an open letter. “We wish to convey our deepest concern if Quentin Koffey and Politan Capital take control and Joe Kiani is removed. We are committed to Masimo because of the vision and innovation he pushes and drives us to deliver. The prospect of losing our founder and CEO threatens to derail the progress we have made and jeopardize the future of Masimo.” They also expressed that they may leave. “We, the undersigned from Masimo Healthcare Engineering, wanted you to be aware that we may not continue with the company if Joe Kiani is replaced by Quentin Koffey and Politan Capital.” This follows on other letters written by international regional managers and presidents in June also stating their support and warning that they may leave if Kiani leaves. The annual shareholder meeting is scheduled for 25 July.   MedTech Dive

However, Masimo is also embattled on other fronts: earlier in June, DOJ and FDA announced their investigation of problems with their Rad-G and Rad-97 SpO2 devices leading to a recall and the SEC is investigating potential accounting irregularities and internal control deficiencies. MedTechDive

Midweek news roundup: Optum exiting telehealth, laying off; Advocate Health selling MobileHelp; VA notifying 15M veterans re Change PHI breach, Oracle moving to Nashville–maybe? (updated)

Optum Virtual Care closing, staff layoffs in progress. Optum Everycare CEO Jennifer Phalen on an 18 April internal conference call announced that the unit would close. According to sources, some employees would have layoff dates in July. No further details were available on other layoffs or plans for integrating Virtual Care’s capabilities into other Optum units, except for generalities. “We are com­mit­ted to pro­vid­ing pa­tients with a ro­bust net­work of providers for vir­tu­al ur­gent, pri­ma­ry and spe­cial­ty care op­tions,” and “We con­tin­u­al­ly re­view the ca­pa­bil­i­ties and ser­vices we of­fer to meet the grow­ing and evolv­ing needs of our busi­ness­es and the peo­ple we serve.” a spokesper­son for Unit­ed­Health said to End­points, a biopharma publication from the University of Kansas which broke the story.

For Optum, this is the second shoe drop about layoffs and closures in less than two weeks. Reports from social media and layoff-specific boards indicated that thousands were being laid off, from their plans to urgent care and providers [TTA 23 Apr]. These were not confirmed by Optum nor by UnitedHealth Group. It’s not known if this unit’s closure was included in the total. 

The larger picture is that it is symptomatic of the sudden growth, then equally sudden consolidation, of general telehealth. Optum opened the unit in April 2021 as the pandemic entered year 2. Utilizing existing capabilities, UHG claimed it facilitated more than 33 million telehealth visits in 2020, up from 1.2 million in 2019. The number looks sky high but in that time of practices closing it was a free-for-all in telehealth–and ‘facilitating’ is a nebulous catchword that could mean a practice using Facetime, telephones, or an EHR/population health platform module. Commercial claims for telehealth have remained at 4 to 5% since (FAIR Health, Jan 2024). Even during the pandemic’s first year, telehealth claims hit a peak of 13 percent in April 2020 that dropped fast to 6% by August 2020. Well over 60% are for behavioral telehealth claims.

A leading indicator: Last June, Optum Everycare’s CEO from their 2021 start, Kristi Henderson, a former Optum SVP for digital transformation, departed to become CEO of Confluent Health, a national network of occupational and physical therapy clinics. It was about as far away as one could get from telehealth, digital transformation, and Amazon Care, her former employer that expired in 2022.

Apparently, UHG and Optum see no further need for a virtual care specialty unit, instead integrating it into plans and other Optum services. According to MedCityNews, industry analysts aren’t surprised. Both Amwell and Teladoc have had well-known struggles. The latest: Walmart, after investing millions into their unit that included full clinics and a virtual care service, also made news on 30 April that it is closing both. Also greatly on UHG’s mind: cleanup after the Change debacle, making Mr. Market happy, and the looming antitrust action by DOJBecker’s, Healthcare IT News, 

In another sign that healthcare investors are selling off ancillary businesses, Advocate Health is selling PERS provider MobileHelp. It “no longer fit the strategic priorities of Advocate Health” according to their 22 April audit report (see document pages 10 and 13) and was authorized last December.

Advocate, through its investment arm Advocate Aurora Enterprises, acquired both MobileHelp, one of the earliest mobile PERS, and sister company Clear Arch Health, a remote patient monitoring provider, in April 2022. Cost was not disclosed at that time but later was reported to be $290.7 million. The plan at the time was to combine both MobileHelp and Clear Arch with a senior care/home health provider earlier acquired by Advocate for $187 million, Senior Helpers. That company was sold in March to Chicago-based private equity firm Waud Capital Partners for an undisclosed amount. The MobileHelp sale is expected to close later this year. Buyer and price are not disclosed. The expected loss on the MobileHelp sale was figured into FY 2023 as part of an asset impairment write-down of $150 million, which Advocate said was “related to the expected loss on the sale of MobileHelp.” The PERS and RPM business is a largely consolidated ‘cash cow’ type of business that (Editor’s prediction) will be snapped up by another player like Connect America, Alert One, or a smaller player like ModivCare. Milwaukee Business Journal, Becker’s, Crain’s Chicago Business (requires subscription)

VA admits that some veterans may be affected by Change Healthcare data breach, PII/PHI disclosure. While Department of Veterans Affairs Secretary Denis McDonough at this time believes that “there’s no confirmation yet” that veteran data was exposed, the scope of the Change Healthcare breach has led VA to formally alert via email 15 million veterans and their families of the possibility. The email also included information “about the two years of free credit monitoring and identity theft protection” that Change Healthcare is offering to those affected by the attack. The VA maintains that the attack resulted in only a temporary delay in filling 40,000 prescriptions but did not cause “any adverse impact on patient care or outcomes,” according to a department spokesman. NextGov/FCW 26 April, 23 April 

In related news, HHS as of 19 April had not received any notification from Change Healthcare nor UHG. They are required to file a breach report as providers and also as covered entities. They have 60 days from the breach occurrence on 21 February to report, which is coming right up. Becker’s

If Larry said it, it must be true…assemble the moving boxes. At an Oracle conference in Nashville last week, Oracle chairman Larry Ellison said to Bill Frist of investment firm Frist Cressey Ventures that he planned to move the company to that city as “It’s the center of the industry we’re most concerned about, which is the healthcare industry.” It’s their second public Larry and Billy meetup in the last few months, the last in November at the Frist Cressey Ventures Forum where Ellison had previously touted Nashville. Ellison is investing in and building a 70-acre, $1.35 billion campus on Nashville’s riverfront. Oracle is currently HQ’d in Austin, Texas having moved in 2020 from Redwood City, California but with extensive facilities remaining in the state. Texas and Tennessee have one thing in common–a superior business climate. Both are long on lifestyle, though Austin is not as temperate (read, hot) as Nashville. What Nashville has that Austin doesn’t is being a healthcare hub. At least in Ellison’s view, healthcare is where it’s at and so is Nashville. So as long as he’s running Oracle from his manse on Lanai, Oracle does what Larry says. Healthcare Dive, Healthcare IT News, The Tennessean

More fun facts about Larry Ellison and Nashville: David Ellison, his son, is founder of Skydance Media, a major Hollywood production company (Mission: Impossible and others) and negotiating a zillion-dollar merger with Paramount Pictures. David’s wife is a singer trying to make it in Music City and they have a home there. Kind of like the age-old trend of moving the HQ near where the CEO’s living. On moving the HQ to Nashville from Austin, this would affect perhaps 2,500 workers based there currently. Most of Oracle’s workers are dispersed and work remotely. 6,400 of former Cerner-ites are still in Missouri and 7,000 remain in California. Big hat tip to HIStalk—scroll down and see more about Larry and Billy’s talk, which also covered cybersecurity, the NHS (which uses Cerner), and automating hospitals and the hospital-payer interface.

Who really has the 4TB of Change Healthcare data 4 sale? And in great timing, Optum lays off a rumored 20K–say wot?

The data is for sale! And the top does not go down, but the price definitely goes up! That old antique auto auction cry is paraphrased here because the 4TB of patient data hacked from Change’s systems is up for sale, since Change/Optum didn’t buy it. Interested parties should stroll over to the dark web and see RansomHub’s listing for details.

Unlike some news sources that got confused, this apparently is the same 4TB that BlackCat/ALPHV affiliate ‘notchy’ stole (technically, exfiltrated) posted about on a dark web site shortly after the attack [TTA 7 Mar]. According to those early reports, ‘notchy’ was dissatisfied that he didn’t get a cut of the $22 million ransom that Optum supposedly paid the BlackCat/ALPHV group.

For their $22 million ransom, which Change has not, repeat NOT, confirmed, ALPHV gave Change a decryptor key. But, they didn’t have the good manners to 1) return the stolen data to Change or delete it, which included highly sensitive data from multiple Change customers including active military PII (from Tricare), patient PII, payment and claims data, and much more, and 2) pay a cut to the affiliate. And then ALPHV shut down and ran out of town.

Here’s the latest updates from DataBreaches. net

Over a month later, an outfit called RansomHub posted, again on the dark web, that it has the 4TB of data. 

As reported here on 10 April, there was an announcement on the RansomHub website, not signed by ‘notchy’, that if Change wasn’t interested in paying for the data, it would be up for sale. There was some confusion, based on a WIRED report, that this was a second breach. The RansomHub information seemed to point to only ‘notchy’s’ data.

DataBreaches followed up with RansomHub to 1) verify they had the data, asking if 2) was it ‘notchy’s data’, and 3) how did RansomHub obtain it if not ‘notchy’? RansomHub also leaked some screenshots of  2011-2013 Medicare claims data. This old data raises even more questions on why this data was even available online and not stored offline…unless…. RansomHub’s 15 April posting included this statement, “The more we go through the data the more we are shocked of the amount of financial, medical, and personal information we find and it will be more devastating than the first attack itself.” 

By 16 April, DataBreaches reported that the listing read:

Change HealthCare – OPTUM Group – United HealthCare Group – FOR SALE

The data in now for sale. Anyone interested in the purchase should contact RansomHub. 

But does RansomHub actually have it? Are they ‘notchy’, in it with ‘notchy’, brokering ‘notchy’, or is it a second 4TB breach? Stay tuned.

Thousands at Optum won’t care one way or another. Reports since last Thursday have been that first hundreds, then thousands, then up to 20,000, have been laid off. These are based on social media postings on LinkedIn and boards like The Layoff where anyone can post. Optum has not confirmed any layoffs to industry media such as FierceHealthcare and Becker’s Hospital Review / Becker’s ASC Review which published reports starting last Friday. Federal and state WARN notices, which usually confirm mass layoffs by state, have been oddly empty. 

Across the reports, Optum has laid off staff from their California care division (400), home health provider Landmark Health (500), urgent care MedExpress (all as of 18 July), Genoa (OptumRx-unknown). Notices range from immediate, to two weeks into May, and forward. Types of jobs eliminated have been at all levels of regional and corporate, affecting engineers, care management, clinical, case directors, data operations, and integration managers. This LinkedIn post claims up to 20,000. Optum’s silence has let the rumor mill run overtime.

CMS has lowered Medicare Advantage reimbursement, but other insurers factored this in earlier this year. The major whack was the Change Healthcare cyberattack. Though the public posture of UnitedHealth Group is that most of the systems are back or being worked around, the financial truth is that the Change disaster will cost them $1.6 billion in 2024 as announced last week. It does lead one to wonder about how mighty UHG, on an acquisition tear for years through today, always doing well and pleasing Mr. Market, got quite so overstaffed. How would it be overstaffed by thousands or the rumored 20,000 who are suddenly, dramatically unnecessary? That may boost the stock, but it gives the Feds yet another ax to grind, what with the House savaging an absent UHG on the cyberattack handling and their payments to providers [TTA 18 April], DOJ taking a hard cold look into UHG’s business practices, specifically around antitrust between the payer group and Optum [TTA 6 Mar], and approvals for the Amedisys buy stalling.

Here’s a view at variance, not about the layoffs but about how UHG is really doing. STAT’s analysis of UHG’s financial report is that the Change losses barely dent the overall picture and won’t affect 2024 earnings. Q1’s loss was mostly the Brazil writedown. It also confirmed that CEO Andrew Witty had a certain gall to say in prepared remarks that the Change situation would have been so much worse had they not been owned by UHG. Mr. Witty will have some ‘splainin’ to do before the House and the Senate, 30 April and 1 May, respectively.

News roundup: Congress hammers absent UHG on Change cyberattack–and more; 10% unhinged at Hinge Health; Steward Health nears insolvency; Two Chairs $72M Series C

UnitedHealth Group facing direct Congressional criticism–and didn’t show up to answer it. The House Energy and Commerce Committee held a hearing yesterday on the BlackCat/ALPHV cyberattack on UHG/Optum’s Change Healthcare systems. Representatives of the American Hospital Association, which we noted led the earliest efforts to assess the situation, help health systems, and then lobby Health and Human Services to assist providers, the College of Healthcare Information Management Executives, and the Healthcare Sector Coordinating Council testified to a restive group of House representatives. Though reports have said that UHG had previously briefed the committee and CEO Andrew Witty will appear before the Senate Finance Committee on 30 April, both Republicans and Democrats didn’t spare the criticism. Other issues, such as healthcare provider consolidation, cybersecurity coordination, and vertical integration through acquisitions as represented by UHG and Change, entered into the hearing. And it went pretty far. Rep. Buddy Carter (R-GA): “The FTC has failed the American people by allowing vertical integration to happen, and it needs to be busted up.” Rep. Anna Eshoo (D-CA): “The attack shows how UnitedHealth’s anti-competitive practices present a national security risk because its operations now extend through every point of our healthcare system,” and called it “outrageous”. 

The current administration’s proposed $800 million investment in hospital cybersecurity protections was typed as “woefully insufficient.” 

Returning to the main issues, Larry Bucshon, MD (R-IN) stated that both the government and private companies were slow in assisting providers. John Riggi, AHA’s national adviser for cybersecurity and risk testified that “The federal government did not step in for weeks. Needed flexibilities under Medicare were not immediately available. It took 18 days for CMS to begin allowing providers to apply for advancing accelerated payments.” On how it affected providers, 94% of respondents in an AHA provider survey felt a financial impact from the attack, over half reported a “significant or serious” impact, and 74% of hospitals reported a direct effect on patient care. Payers are resisting advanced payments. UHG was even accused of exploiting the cyberattack to purchase additional practices by Rep. John Joyce, MD (R-PA). Becker’s, Chief Healthcare Executive, STAT

This Editor has previously noted that UHG is taking a $1.6 billion charge for the cyberattack and is separately facing a DOJ investigation on multiple antitrust issues between the payer group and Optum, including their Amedisys buy [TTA 6 Mar]. UHG is also facing multiple class-action lawsuits from practices currently and expected from patients affected by the theft of PHI and PII [TTA 28 Mar]. It’ll be a busy spring and summer for UHG’s legal department.

Hinge Health cuts 10% of staff. Reasons given were the standard tropes of ‘long-term sustainable business’, ‘accelerate our path to profitability, speed up decision making, and better focus our investments’ plus ‘realign our organization’. Their employee group is estimated at 1,700 on LinkedIn, making this about 170 staff released in various functions including engineers. The company is preparing for an IPO, which may not be this year, since they claim to have $400 million in cash on the books. Hinge’s last raise was an October 2021 $400 million Series E led by Tiger Global and Coatue Management for a total funding of $826.1 million over 10 raises (Crunchbase). At that time, their valuation was a bubbly $6.2 billion. Their virtual musculoskeletal rehabilitative therapy for back and joint pain care has since then expanded to rehab for pelvic pain, bowel, and bladder control. TechCrunch  As predicted in our Rock Health Q1 review, Hinge is a perfect example of companies “pursuing IPO and M&A exit pathways concurrently to keep options open” by presenting their financials as if they were already public companies. 

Steward Health Care nears bankruptcy court. And the Optum buy of Stewardship Health practices won’t save it in time. Steward’s lenders are giving the health network until the end of April–two weeks away–to prove it can repay its considerable debts. Its recovery plan which included the Stewardship sale has been criticized as unworkable given the volume of debt and the regulatory implications of selling their hospital assets. The Optum acquisition is required to undergo a 30-day review by Massachusetts’ Health Policy Commission (HPC)–and while it was announced at the end of March, it had not started by mid-April. Given UHG’s other problems and scrutiny of practice purchases by the DOJ and FTC, Optum may walk away or wait. No purchase price had been announced but it would be a drop in a bottomless well anyway. The mounting problems of Steward Health Care are detailed in Healthcare Dive’s analysis.

And to end on a more optimistic note, Two Chairs, a telemental health provider out of San Francisco, scored a $72 million Series C. Lead investors are Amplo and Fifth Down Capital with debt financing from Bridge Bank. The new raise, majority equity, brings Two Chairs’ total funding to $103 million. Their hybrid virtual and in-person therapy model is available at present in California, Florida, and Washington and markets to consumers, payers (Aetna nationally, Kaiser Permanente in Washington and Northern California), providers, and employers. The company states it will use the fresh funding to expand its markets and improve its technology platform. Currently, they have more than 500 clinicians on staff, most of whom are full-time. Their differentiator in the crowded telemental health category is their emphasis on measurement-based care, aided by a “matching consult,” facilitated by a proprietary 300-variable algorithm that creates the right therapist-client match (the ‘two chairs’ of the company’s name), which studies indicate is the most important factor in determining a good outcome.  Release, FierceHealthcare, MedCityNews

Mid-week short takes: UnitedHealth’s $1.2B Q1 loss from Change attack, another Walgreens layoff, Dexcom-MD Revolution partner, Kontakt.io $47.5 raise, GeBBS Healthcare may sell for $1B

UnitedHealth Group rang up Q1 revenue of $99.8 billion, with adjusted earnings from operations $8.5 billion, but had a net loss of $1.22 billion (WSJ). (Ed. note–Becker’s has $1.4 million) The loss was created not only from the cyberattack on Change Healthcare’s systems ($0.74/share) but also a $7 billion charge due to the sale of UHG’s Brazil operations.

  • Q1 revenue was up $7.9 billion versus same quarter 2023.
  • Their year 2024 forecast of the damage done by the ALPHV cyberattack on Change is $1.6 billion ($1.15 to $1.35 per share).
  • Optum’s Q1 revenues of $61 billion grew by $7 billion over prior year, led by Optum Health and Optum Rx due to continued strong expansion in the number of people served

Someone at HIStalk did some counting and noted that the Optum Solution Status dashboard for Change Healthcare shows 109 of 137 applications remain down, not much different than when we eyeballed it on 3 April. CNBC, UHG release, HIStalk, Becker’s, MSN/WSJ

Walgreens continues to cut staff–this go-around, it’s corporate support center employees both in Chicago and working remotely. No total was provided by the Walgreens spokesperson contacted by Crain’s Chicago Business. This adds to 900 corporate staff laid off in several waves earlier this year and last fall, VillageMD staff due to 140 closures, and 646 distribution center staff laid off last month. Walgreens stock is down 33% this year. 

In cheerier news, Dexcom is partnering with remote patient monitoring (RPM) provider MD Revolution to add its continuous glucose monitoring (CGM) system to MD Revolution’s RPM platform. MDR is a startup company marketing its RPM platform to large practices, health systems, and healthcare organizations. Current raises date back to 2015 totaling under $60 million mostly from venture round funding (Crunchbase). Release

Inpatient data analytics company Kontakt.io raised a Series C investment of $47.5 million, led by Growth Equity at Goldman Sachs Asset Management (Goldman Sachs). This adds to a modest $21.5 million from various investors from 2013 to 2022 (Crunchbase). Kontakt provides patient flow analytics to health systems to optimize patient, staff, and resource flows, improving safety, coordination, and service delivery. It uses a combination of RTLS property tracking, cloud, and AI to provide real-time location data and orchestrate staff, equipment, and clinical spaces around a patient’s care journey. The additional funds will be used for sales expansion and AI development. HIStalk, Release 

GeBBS Healthcare Solutions on the block, may fetch $1 billion. The LA-based business process outsourcing (BPO)/revenue cycle management (RCM) company, currently owned by ChrysCapital of New Delhi, is on the market for a reported $800 million to $1 billion. This would be a tidy payday for ChrysCapital which back in 2018 acquired an 80% stake in GeBBS for $140 million with a valuation then of $175 million. ChrysCapital is India’s largest home-grown PE investor. Economic Times-India Times, HIStalk

Mid-week news roundup: US offers $10M for BlackCat/ALPHV info; most Change systems still down; Risant closes Geisinger buy; SureScripts exploring sale; DarioHealth 2023 revenue -23%; Amazon Pharmacy same-day delivery NYC and LA

US State Department pays well for Big Breach information. Interestingly, this US agency through the Diplomatic Security Service has a special program, Rewards for Justice (RFJ), for cyberattacks that are deemed “malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA)”. The activities of the now-disappeared (ha ha!) BlackCat/ALPHV  ransomware-as-a-service (RaaS) group, identified on 29 February as the culprits in the massive Change Healthcare/Optum system takedown, are now listed as qualifying for a reward, presumably as disruptive to US healthcare and not just UnitedHealth Group. Contact Rewards for Justice via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required). That is, if you dare! Rewards for Justice release, Becker’s

Six weeks later, most Change services are still X-d on the Optum Solution Status page. A quick rundown of the hundred or so programs that Change provides to enterprises has a long line of Xs with some triangles containing ! (partial outage) or yellow boxes (degraded performance). The green checkmarks are clustered in high-priority areas such as pharmacy solutions and clinical decision support. Otherwise, they are scattered across categories. The summary on the top of page (dropdown) lists workarounds for specific programs such as batch processing and transitioning over to Optum systems unaffected by the attack. This Editor bets that most of these Change legacy systems will come back only partially if at all–many will be abandoned and replaced by Optum systems. Hat tip to HIStalk 29 March

Risant Health, the non-profit community hospital system founded by but separate from Kaiser Permanente, has closed its acquisition of Pennsylvania-based Geisinger Health as of 2 April.  Jaewon Ryu, MD, JD, currently Geisinger’s president and CEO, will move to CEO of Risant Health, with Terry Gilliland, MD, replacing him at Geisinger. The Risant plan announced last April is that Kaiser will fund $5 billion to Risant, which will acquire now four or five health systems over the next four to five years. The health systems will retain their names and operational areas. The purpose of Risant is to bring community systems it acquires greater access to capital, technology, and resources for facility improvements, innovation, and investment in patient care. Keeping an eye on 109-year-old Geisinger. Risant release

Mega e-prescription system Surescripts is exploring a sale. Silicon Valley investment bank TripleTree is handling the search for buyers. Currently, Surescripts is owned 50% by CVS Caremark and Cigna-owned Express Scripts, with two trade groups, the National Association of Community Pharmacies and the National Association of Chain Drug Stores, owning the other 50%. It isn’t disclosed in the Business Insider ‘reveal’ what group(s) is interested in selling all or part of its ownership. Since Surescripts holds 95% of the e-prescribing market, any buyer or investor would need be mega flush to buy into it. 

DarioHealth didn’t have a great 2023. Net revenue was down 23% versus 2022: $20.4 million to the prior year’s $27.7 million. The chronic condition management company managed to narrow its 2023 net loss of $59.4 million from $62.2 million in 2022. A lot of the problems seemed to center on their Q4, with net revenue that declined to $3.6 million from $6.8 million in Q4 2022 and a net loss that increased to $14.3 million from $12.6 million in Q4 2022.  Dario’s gross profits for 2023 were down 38% to $6 million, a decrease of 38% versus 2022’s $9.7 million. The changing financial picture was attributed to a new private label platform with Aetna launching in 2024, changing from a B2C to a B2B2C model, and February’s “transformational acquisition” of Twill (Happify) in telemental health. As this Editor noted then, it was a feat of funding legerdemain that rivaled a Frank Lorenzo deregulation-era airline acquisition. Their information around 2023 earnings isn’t much different. Dario provides a combined app and in-person approach to musculoskeletal (MSK) therapy, diabetes (including GLP-1 drugs), hypertension, weight management, and behavioral health. Mobihealthnews, Dario release

And speaking of pharmacy, Amazon Pharmacy expanded same-day medication-delivery offerings to NYC residents and the greater Los Angeles area. This adds to same-day prescription delivery available in Phoenix, Austin, Seattle, Indianapolis, Miami, and Texas, including free drone delivery in College Station. How it works: Amazon has small facilities and pharmacists near the areas, ready to fill and deliver medications in minutes using genAI and machine learning tools. Delivery in NYC/Manhattan will be by bike and in LA, electric vans or other commercial vehicles. (Editor’s note: bike delivery in the outer boroughs is like LA–impractical.) Amazon Prime members have additional benefits. Competition here are online companies like Mark Cuban Cost Plus and GoodRx’s prescription service. But perhaps it’s a good time to sell Surescripts? Mobihealthnews

Short takes: PocketHealth, Brightside fundings; VA OIG reports hit Oracle Cerner; Change cyberattack/legal updates; UHG-Amedisys reviewed in Oregon; Optum to buy Steward Health practices

It’s a relatively quiet week before the Easter holiday, with a few fundings, more drama at the VA around Oracle Cerner, updating Change Healthcare’s comeback, and the continuing scrutiny around UnitedHealth’s acquisitions:

PocketHealth garners a US$33 million Series B. The Toronto-based company markets an AI-assisted platform to health systems and providers that allows patients to access their medical imaging and reports as well as for providers to easily share imaging information. The funding was an all-equity round by Round13 Capital with participation from Deloitte Ventures, Samsung Next, and existing investors Questa Capital and Radical Ventures to bring total funding since 2020 to $55.5 million. The fresh funding will be used to grow further within the US and Canada and develop new platform functions. Patients have access to three platforms:  Report Reader to explain medical terms in the patient’s report, Follow-Up Navigator for follow-up imaging recommendations, and MyCare Navigator to equip patients with relevant, personalized questions to ask their doctor. The platform is available in 775 hospitals and imaging centers across North America and is used by more than 1.5 million patients.  PocketHealth release, Mobihealthnews

Brightside Health moves to a Series C of $33 million. This round for the telemental health company was led by S32, along with Kennedy Lewis, Time BioVentures, and Anne Wojcicki (Redwood Pacific) with existing investors ACME, Mousse Partners, and Triventures. Total funding since 2018 is $114 million. Brightside provides telemental health through payers in 50 states such as CareOregon, Blue Cross and Blue Shield of Texas, and Centene. The new funding will be used to expand into the usual new markets and offerings. Trip Hofer, who was former CEO of Optum Behavioral Health Solutions and now with .406 Ventures, will join the Brightside board of directors. Their most recent moves are expansion into Medicare and Medicaid programs for psychiatry, therapy, and their Crisis Care program for individuals with elevated suicide risk. Release

The Department of Veterans Affairs Office of Inspector General (OIG) released three reports last Thursday (20-21 March) that were sharply critical of the new Oracle Cerner EHR. While Oracle Cerner Millenium operates in only five VA locations, not including the joint MHS/Genesis Lovell FHCC, each one has been problematic from training to implementation–and are on hold. The OIG reports available here on the Electronic Health Records Modernization (EHRM) are scathing on the EHR’s scheduling and pharmacy features leading to patient safety and staff usability issues.

  • At VA Central Ohio Healthcare System (facility) in Columbus and elsewhere, this led to inaccurate medication and allergy information transmission from new EHR sites to legacy EHR sites that staff and pharmacists had to work around to provide adequate safety checks.
  • Also at VA Central Ohio, the Cerner EHR system error in 2022 led to a patient’s missed appointment since it was not routed to a queue to prompt rescheduling efforts. Subsequently, a nurse practitioner never evaluated the medication refill request, nor did a psychologist evaluate mental status and critical clinical information. The veteran patient died by accidental overdose approximately seven weeks after that missed appointment.
  • Regarding future implementations, the OIG was specific on what had to be fixed on both: “These concerns include the need for additional staffing and overtime to meet or exceed pre-deployment appointment levels, displaced appointment queue functionality, challenges related to providers and schedulers sharing information, inaccurate patient information, difficulties changing appointment type, and the inability to automatically mail appointment reminder letters. At facilities currently relying on the EHR, these issues have resulted in inconsistent workarounds and additional work, increasing the risk for scheduling errors.” 

Healthcare IT News, Healthcare Dive, EHR Intelligence, TTA 22 Feb

Change Healthcare’s systems are gradually returning. Since our last update on 14 March, UnitedHealth Group confirmed that 99% of pharmacy network services were up and running–and that they have fronted $2 billion to providers. Separately, they launched workaround software for medical claims preparation.

  • On 15 March, the electronic payments platform was restored.
  • On 20 March, UHG restored Amazon Web Services. It was backed up from Assurance, a claims and remittance management program, and claims clearinghouse Relay Exchange.
  • Relay Exchange went back online by 24 March to begin processing $14 billion in medical claims.

But on the legal and Federal fronts, UHG will be keeping its legal department busy. Starting the week of 11 March, the first class action lawsuit was filed by a women’s health practice in Albany, MS–Advanced Obstetrics & Gynecology PC. Another class action suit was filed on 18 March by Gibbs Law Group on behalf of providers to be named. Patients who have had compromised PII and PHI will be next from the 4 or 6 terabytes of payer information held by ‘notchy’ and other affiliates from the BlackCat/ALPHV masterminded attack as this is confirmed. Expect these to multiply like weeds in May. HIPAA Journal  And the American Hospital Association, Senators and House Representatives are jumping all over Health and Human Services (HHS) to ensure that payments are made to Medicare, Medicaid, and Medicare Advantage plans–as well as calls for investigating UnitedHealth. Becker’s, FierceHealthcare

As expected, UHG’s acquisition of Amedisys home health is running into more opposition at the state level. In this case, it’s the Oregon Health Authority (OHA) that will be conducting a full review. The Department of Justice (DOJ) has been investigating the acquisition on antitrust grounds almost since it was announced in June 2023. Shareholders approved the $3.3 billion buy the following September, but it has not closed. UHG’s plan is to merge it into Optum’s home health providers Contessa Health and LHG Group, creating a home health juggernaut. As noted earlier this month when DOJ announced a further antitrust probe of UHG around the UnitedHealth plan relationships with Optum services, “DOJ has a long memory, a Paul Bunyan-sized ax to grind, and doesn’t like losing. One wonders if now UHG has buyer’s remorse after fighting for two years to buy Change.” (And winning versus DOJ!) Fierce Healthcare

Yet UHG goes on buying providers, DOJ scrutiny or not. Optum is bidding for Steward Health Care’s Stewardship Health practices over nine states. For-profit Steward, headquartered in Dallas, needs to raise funds as it is in debt overall and facing major problems in Massachusetts, with several hospitals at risk of closure. In any case, the company wants to exit the state. A purchase price was not announced. The transaction is under review by Massachusetts’ Health Policy Commission (HPC) over the next 30 days. The Stewardship transaction would add to OptumCare’s total of 90,000 physicians–10% of US physicians, a number that is raising red flags on the state and Federal levels. FierceHealthcare, WBUR

Is BlackCat/ALPHV faking its own ‘death’? (updated) HHS and CMS come to Change affected providers’ assistance with ‘flexibilities’

BlackCat/ALPHV blames the FBI for another ‘shutdown’ and exits, stage left. BlackCat put up a copy of the shutdown screen (left) that appeared on their old leak website back in December [TTA 22 Dec 23] on their new leak website, claiming that law enforcement shut them down. This was not confirmed by the FBI either way, but Europol and the NCA confirmed to Bleeping Computer that they had no recent activity involving BlackCat. The other tell was that the source code on both screens was different–it was served up on another server.

On a Russian hacker forum called Ramp, BlackCat/ALPHV claimed that they “decided to completely close the project” and “we can officially declare that the feds screwed us over. The source code will be sold, the deal is already being negotiated”. The source code is reportedly up for sale for $5 million.

As to the $22 million, BlackCat/ALPHV never admitted it was paid by Optum/Change (nor is Optum confirming), but the affiliate called “notchy” which didn’t get paid [TTA 5 Mar] shared (to Bleeping Computer) that “a cryptocurrency payment address that recorded only one incoming transfer of 350 bitcoins (about $23 million) from a wallet that appears to have been used specifically for this transaction on March 2nd.” That wallet distributed (seven) equal payments of $3.3 million in bitcoin to other wallets.

(Update) Speaking of “notchy”, let’s not forget that this affiliate claims to have 4 TB of PHI/PII data from Change that could be sold or leaked. Since they never got paid by BlackCat/ALPHV, it’s safe to assume that information will be up, so to speak, for grabs.

When it all adds up–the fake FBI ‘raid’, shutting down servers, the signoff on Tox of “GG’ (good game?), the cutting off of affiliates (which also confirmed this to DataBreaches.net–and may or may not have been paid)–it resembles an exit scam.

(Update) Another excellent summary about ALPHV in Krebs On Security also updates LockBit, which was seized in an international takedown in February, and about governmental entities they ransomwared.  To be continued….

The lobbying of HHS by Congress, the American Hospital Association, and UHG to help out providers has produced some results. On 5 March, Health and Human Services (HHS) issued a statement that summarized various ‘flexibilities’ and workarounds to aid providers who cannot access systems or have to resort to alternatives to ensure continuity of services to patients. These will be administered through the Center for Medicare & Medicaid Services (CMS) and range from prior authorization, advance funding, and claims processing for Medicare. From the statement:

  • Medicare providers needing to change clearinghouses that they use for claims processing during these outages should contact their Medicare Administrative Contractor (MAC) to request a new electronic data interchange (EDI) enrollment for the switch.
  • CMS will issue guidance to Medicare Advantage (MA) organizations and Part D sponsors encouraging them to remove or relax prior authorization, other utilization management, and timely filing requirements during these system outages.
  • CMS is also encouraging MA plans to offer advance funding to providers most affected by this cyberattack.
  • CMS strongly encourages Medicaid and CHIP managed care plans to adopt the same strategies
  • If Medicare providers are having trouble filing claims or other necessary notices or other submissions, they should contact their MAC for details on exceptions, waivers, or extensions, or contact CMS regarding quality reporting programs. CMS has contacted all of the MACs to make sure they are prepared to accept paper claims from providers who need to file them.

Many payers are also making funds available while systems are offline. Hospitals may also face “significant cash flow problems from the unusual circumstances impacting hospitals’ operations, and – during outages arising from this event – facilities may submit accelerated payment requests to their respective servicing MACs for individual consideration.”

The statement closes with a reminder of HHS’ December concept paper on cybersecurity strategy for healthcare. DataBreaches.net (full statement), Becker’s

(Update) More on how this is affecting patient care focusing on cancer treatment, from the point of view of a Community Oncology Alliance spokesman. In addition, how consolidation is making healthcare more vulnerable to cybercriminals, and comments on UHG and Federal processes and payment offers to date. HealthcareITNews.

And DDoS attacks and questionable downtimes are now common.

Editor’s Update 11 Mar: The DataBreaches.net website had a major DDoS attack on 7 March and was down for two days thru 8 March. It is now fully up and running with our links working.

Multiple US Government websites went down Thursday evening 7 March based on news reports: Department of Homeland Security (DHS), Customs and Border Protection (CBP), Immigration & Customs Enforcement (ICE), Citizenship and Immigration Services (USCIS), US Secret Service and Federal Emergency Management Agency (FEMA). The timing based on the State of the Union address to Congress is, well, interesting. Daily Express   Later reports announced restoration later in evening. Cyberincidents are not exactly unknown on government websites.

Reality Bites Again: UHG being probed by DOJ on antitrust, One Medical layoffs “not related” to Amazon, the psychological effects of cyberattacks

When It Rains, It Really Pours for UnitedHealth Group. On the heels of their Optum/Change Healthcare ransomware disaster are recent reports that the US Department of Justice is investigating UHG over multiple antitrust concerns. According to the Wall Street Journal, DOJ is examining certain relationships between the company’s UnitedHealthcare insurance unit and its Optum services unit, specifically around Optum’s ownership of physician groups. UHG has been aggressively buying and buying interests in practice groups for several years, announcing quite publicly that their goal was to own or control 5% of US physicians. In 2022 and 2023, they bought CareMount, Kelsey-Seybold, Atrius Health, Healthcare Associates of Texas, and Crystal Run Healthcare (Becker’s). Local reporting by the Examiner News in Westchester, NY, brought much of this history to light. In that area, it started with local practice group CareMount and their 25% layoff after being folded into Optum Tri-State with ProHealth in Long Island and NYC and Riverside Health–a layoff pattern that accelerated in the practice groups in 2023.

DOJ lost out on their challenge to the Change Healthcare acquisition in November 2022, deciding not to appeal the Federal District Court decision in 2023 [TTA 23 Mar 2023]. But DOJ never sleeps; they are examining with a microscope UHG’s $3.3 billion bid for home health provider Amedisys that started in August 2023 and has not moved forward. DOJ has a long memory, a Paul Bunyan-sized ax to grind, and doesn’t like losing. One wonders if now UHG has buyer’s remorse after fighting for two years to buy Change.

In the Alternate Reality Department, One Medical CEO Trent Green insisted that their reorganization and layoffs were unrelated to their acquisition by Amazon. Those of us who are a little less credulous know that with 98% of acquisitions, staff are laid off. Overlapping areas wind up being pinkslipped, no matter their individuals’ quality or even difference in business: finance, HR, legal, marketing, IT, operations, compliance, sales, account managers…the list is almost endless. According to the Washington Post article (also Becker’s), One Medical cuts, estimated at up to 400, also included front desk staff, office managers, health coaches, behavioral health specialists and a pediatrician–people who aren’t employed by other Amazon units. One Medical’s corporate offices in New York, Minneapolis, and St. Petersburg, Florida are closing, and its San Francisco office space is reduced to one floor. TTA 14 Feb

One Medical has never been profitable, as this Editor noted when the acquisition was announced as part of the “race to transform healthcare models”. This wasn’t going to last long with Amazon, which has been aggressively been cutting and dumping in other units such as Audible, Prime, and Halo. Marketing Amazon-style with deeply discounted memberships to Prime members also has its limitations. One Medical has a scant 200 mostly urban offices, which means that members outside those areas only have access to virtual visits. It had previously cultivated a patient population of young, mostly healthy and lower-cost urbanites, who as they grow older and have families might stick with the practice–or find it not compatible with or targeted to their needs in middle age. Management has changed: Green replaced Amir Dan Rubin, MD, as CEO last September. CFO Bjorn Thaler will move to a new position focused on growth initiatives. A layer of regional general managers will report to an Amazon head of operations, and legal, finance, and technology teams will report to Amazon’s healthcare business structure. Inbound calls now go to Mission Control, a central call center, and even those humans will be in future supplemented by an AI-enabled chatbot.

Iora Health, One Medical’s specialized (acquired) unit in Medicare Advantage and Medicare Shared Savings Programs including the advanced ACO REACH model, in October was rebranded as One Medical Senior, with an intention for all One Medical offices to serve age 65+–but with current patients, many with multiple chronic conditions, now reporting cutbacks in callbacks, appointment length, physician load, and services provided such as transportation. One clinic had 20 staff cut back to five with patients pushed out to virtual visits–hardly appropriate for a high needs, older, less technologically savvy patient population in value-based care, quality-measured models. Editor’s note: having had some experience in ACO and VBC World, Amazon may as well get out of ACOs because practices in these primary care models require specialized and dedicated management, reporting, and population nurturing. They don’t mainstream well.  I have also read that ironically, Iora was profitable for OneMedical, which is 1) why they bought it and 2) ran it separately.

In this Editor’s view, human costs are a factor shown to be absent from Amazon’s business calculations for success–which doesn’t quite square with the mission of healthcare for healthier patients and better outcomes.

Speaking of the reality of human cost, let’s spare a thought for those dealing with the effects of a cyberattack or data breach. They are the IT staff, pharmacists, software specialists, front line clinicians, billing specialists, doctors, therapists, business managers, coders…the list goes on. They share their feelings of frustration, helplessness, distress, aloneness, and financial fear on Reddit, Twitter/X and other forums. Few think of them taking the brunt of patient frustration and their state of mind day after day as Change/Optum’s disaster goes on and on. Writer Molly Gamble of Becker’s has the final and most sympathetically descriptive say in her brief but important article about When ransomware strikes, who to call?  A full read is recommended.

Helplessness or loss of control, especially at a collective level, can be psychologically and emotionally taxing. Recognizing a threat but not knowing what to do about it can increase one’s stress, anxiety and fear. The lack of a known end point of a cyberattack like Change is experiencing can intensify psychological distress. Some independent therapists, for instance, have noted they have halted their insurance billing for a week due to the downtime and expressed fear about going longer without income. 

These mental effects, while lesser-discussed, are exactly what cyberthreats intend to bring on. Cyberterrorists want to create mental and physical harm, and research has found that the psychological effects of cyber threats can rival those of traditional terrorism.

Week 2: Change Healthcare’s BlackCat hack may last “for the next couple of weeks”, UHG provides temp funding to providers, AHA slams it as a ‘band aid”–but did Optum already pay BlackCat a $22M ransom? (updated)

The BlackCat/ALPHV ransomware attack on Change Healthcare’s systems continues. At this point, the Optum systems website doesn’t show anything other than a chronological trail of updates and a long list in very small gray type of Change Healthcare systems affected–no more individual checks on working systems and red Xs on the ones that weren’t. 

  • UnitedHealth Group is setting up a program to loan funds, the “Temporary Funding Assistance Program,” to providers who cannot receive payments while Change systems are down. While without fees or interest, the loans will have to be repaid.
  • In a Tuesday 27 Feb conference call with hospital cybersecurity officers reported by STAT, UHG Chief Operating Officer Dirk McMahon said that the program will continue “for the next couple of weeks as this continues to go on.” This is more of a timeline than UHG has otherwise disclosed.
  • The American Hospital Association (AHA) on Monday slammed the “Temporary Funding Assistance Program” as “not even a band-aid on the payment problems” that hospitals are experiencing. The program is, in their view 1) “available to an exceedingly small number of hospitals and health systems” and with “shockingly onerous” and “one-sided contractual terms” and conditions for payback and verification through access to claims payment data. For their members, “their financial future becomes more unpredictable the longer Change Healthcare is unavailable. UnitedHealth Group, which is a Fortune 5 company that brought in more than $370 billion in revenue and $22 billion in profit in 2023, can — and should — be doing more to address the far-reaching consequences that result from Change Healthcare’s inability to provide these essential hospital revenue cycle functions nearly two weeks after the attack.” 4 March letter to UHG   AHA maintains an update page for members and other providers.
  • US Senator Chuck Schumer wrote 1 March to the Center for Medicare and Medicare Services (CMS) requesting that CMS accelerate payments to hospitals, pharmacies and other providers. Also Becker’s
  • AHA wrote 4 March to all four Congressional leaders detailing the effect on providers, UHG’s assistance program’s inadequacies, and requesting assistance from HHS including requesting “Medicare Administrative Contractors to prioritize and expedite review and approval of hospital requests for Medicare advanced payments.”  

Update: According to First Health Advisory, a cybersecurity firm in healthcare, some large providers are losing $100 million daily because of the interruptions to Change/Optum’s payer systems. CNN, Becker’s

And BlackCat went All Quiet on the Ransomware Front. Bleeping Computer confirmed that BlackCat turned off their servers and took their negotiation website offline over the weekend. “The Tox messaging platform used by the BlackCat ransomware operator contained a message that does does not provide any details about what the gang plans next: “Все выключено, решаем,” which translates to “Everything is off, we decide.”” It has now been changed to “GG”.

This may or may not be related to another development–an affiliate of BlackCat/ALPHV claiming that they were scammed of a $22 million ransomware payment from Optum. These affiliates actually carry out the attacks on cybervictims using encryptors from the main entity. Dmitry Smilyanets of threat intelligence company Recorded Future picked up a message posted by “notchy” that said Change/Optum paid $22 million on 1 March to “prevent leakage and decryption key.” ALPHV suspended their account after receiving the payment and never paid them. This affiliate also claims they still have 4 terabytes of data from Change that goes deep into Tricare, Medicare, MetLife, CVS, and many other payers. As proof on the ransom, “notchy” provided a cryptocurrency payment address with a total of nine transactions. In the ultimate irony, “notchy” warned other affiliates to stop dealing with ALPHV. Cutting off affiliate ties and walking away with the cash, preliminary to another rebrand of BlackCat/ALPHV, formerly DarkSide and Black Matter? Also The Registerand DataBreaches.net–which commented that while Optum may have gotten a decryptor, what about All That Data?

Change Healthcare cyberattack persists–is the BlackCat gang back and using LockBit malware? BlackCat taking credit. (update 28 Feb #2)

On Day 7, reports, like recollections, may differ. Today’s Reuters report (26 Feb) attributes the attack on Change Healthcare, which has snarled pharmacies and hospitals since Wednesday [TTA 23 Feb], to a revived BlackCat (a/k/a ALPHV) ransomware operation. Readers will recall that the FBI busted BlackCat right before Christmas last year, seizing their operational darknet websites and putting up a most showy home screen. They worked their way into the BlackCat operation via their affiliate operation. However, BlackCat rebooted a few days later, made an appearance, and went back underground. As Bleeping Computer predicted then, BlackCat is apparently back and, adding insult, not even under a new name. 

Bleeping Computer today reported that BlackCat’s hack went through a critical ConnectWise ScreenConnect auth bypass flaw (CVE-2024-1708 and 1709) which was actively exploited in attacks to deploy ransomware on unpatched servers. This was confirmed by Reuters and Health-ISAC, a healthcare-focused organization engaged in cyber best practices and threat intelligence, via the American Hospital Association’s AHA Cybersecurity Advisory today (26 Feb). AHA is advising healthcare organizations to actively reevaluate their connection or disconnection status of Change Healthcare systems which have been deemed safe by Optum.

As of today, BlackCat did not claim credit for taking down Change’s systems nor is there any report of a ransom demand. It is perhaps too early to determine if there has been any data theft. Nor are there reports of other healthcare or other organizations being attacked through the ScreenConnect flaw.

Optum has a page detailing the status of Change Healthcare’s individual systems here. Optum has a statement that has remained nearly the same on issues with connectivity since last Wednesday.* This Editor’s experience of the page is that it needs refreshing to view the full version. Regarding the systems, they are a long list to scroll through and your Editor lost count after 100. Most have red Xs by them. Some systems are checked green. Change is also holding Zoom calls to update partners. Reuters reported that Alphabet’s cybersecurity unit Mandiant is in charge of investigating the attack.

Change Healthcare processes 15 billion healthcare claims annually. This attack seems to have hit their pharmacy software the hardest. These software tools are used to verify patient eligibility for specific medication and also their insurance coverage. The outage not only covers the big chains like CVS and Walgreens, but also Tricare and the Military Health System (MHS) globally. TTA 22 Feb, updated 23 Feb.

A Friday report in SC Magazine indicated that the malware used by BlackCat was a strain of LockBit malware going through the ConnectWise ScreenConnect bypass flaw. Their source, Toby Goucker, chief security officer at First Health Advisory, stated that their firm found the ScreenConnect flaws and sent out a notification on 19 February. Goucker noted that bad actors prey on the gap between when these vulnerabilities are uncovered and announced, but before when patches are applied. However, Goucker was not able to confirm that Change uses ScreenConnect.

Ironically, the LockBit ransomwareistes were busted only last week by a combined UK NCA and US DOJ/FBI effort. Like weeds, they never go away entirely.

Oddly, Change Healthcare’s website home page does not have a notice about their problem or direct to a page on their or UHG’s site about it for assistance. We know you’re busy, guys, but from this Editor’s marketing perspective not having an information banner and redirect to the Optum page is a basic communication failure.

**This is a developing story and will be updated.**

*Update 27 Feb 9am Eastern Time.

A repeat of Optum’s boilerplate statement on their page today indicates this cyberattack is still unresolved for most of Change Healthcare–and will remain unresolved at least through today:

Update – Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter. Once we became aware of the outside threat, and in the interest of protecting our partners and patients, we took immediate action to disconnect Change Healthcare’s systems to prevent further impact. This action was taken so our customers and partners do not need to. We have a high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue.

We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.
Feb 272024 – 09:03 EST

Identical message 28 Feb 10:48am ET indicating that the effects of this attack are now one week old.

Updated 28 Feb: DataBreaches.net (“The Office of Inadequate Security”) reports that BlackCat is taking credit for it.

“BlackCat informed DataBreaches that yes, they are responsible for the attack. DataBreaches has asked them if they are willing to share any additional details and will update this post if any are received.”

This Editor is also following coverage in the usually reliable The Register which added a reply they obtained from Optum: “Since identifying the cyber incident, we have worked closely with customers and clients to ensure people have access to the medications and the care they need. We also continue to work closely with law enforcement and a number of third parties, including Mandiant and Palo Alto Networks, on this attack against Change Healthcare’s systems.” They are not confirming the perpetrators. 

#2 update from DataBreaches may point to Change Healthcare as well as healthcare in general. Here is part of a Cybersecurity Advisory (CSA) that is an ongoing #StopRansomware effort by the Cybersecurity and Infrastructure Security Agency (CISA). CISA was joined by the FBI and interestingly, the Department of Health and Human Services (HHS). They “are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service (RaaS) identified through FBI investigations as recently as February 2024.” The addition of HHS as well as February 2024 should be noted. “FBI, CISA, and HHS encourage critical infrastructure organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ALPHV Blackcat ransomware and data extortion incidents.” Could this be behind what is going on at Change Healthcare–a BlackCat full-court press versus US healthcare?

And at least one major hospital CEO wants answers now. Tampa General Hospital CEO John Couris went up to Optum’s CEO Amar Desai in the speaker room at the ViVE conference in Los Angeles on Monday, and the answer was far less than satisfactory. “And his answer to me was, ‘We’ll have an update in two days.’ So I don’t think he knows.” Mr. Couris’ speculates that Change Healthcare will 1) not pay ransom and 2) will rebuild its systems in maybe four weeks–and how that puts hospitals like his that use Change as a clearing house for claims in, to put it mildly, a pickle. MedCityNews