Downstream Impact Following Change Healthcare Ransomware Attack

Change Healthcare, a company owned by UnitedHealth Group, handles 60% of prescription processing in the US and processes 15 billion transactions a year. On Feb. 21, 2024, Change Healthcare confirmed that the company fell victim to a ransomware attack that affected its ability to process prescription payments. Less than three weeks after the attack, we are beginning to see the first wave of related claims.

Following the ransomware attack, patients and providers are still trying to recover from the repercussions, which include:

  • Backlogs in patient prescriptions,

  • Threats to patient security,

  • Disruptions in patient discharges at hospitals, and

  • Paycheck delays for medical staff.

Patients are forced to choose between either paying significant out-of-pocket costs for their prescriptions or forgoing essential prescriptive medications, which could lead to significant health concerns.

The downstream impact of cyber attacks like these can be severe and far-reaching. To date, we are aware of at least six lawsuits seeking class-action status, four of which were filed in a Tennessee district court where Change is based and two were filed in Minnesota where the parent company United Health Group is headquartered. We expect to see more claims arise in the coming weeks and months.

The attack, which has been attributed to the ALPHV/BlackCat ransomware group, illustrates how a security failure in a single business network can lead to a widespread impact within an entire industry and beyond. Many businesses that contract with Change Healthcare have suffered significant losses, including loss of revenue, reputational harm, legal and regulatory costs, and extra expenses.

The Newfront Cyber claims team is currently assisting clients who have been impacted, with losses connected to contingent business interruption and extra expense costs.

This event highlights the need for robust cybersecurity coupled with a comprehensive breach response plan. The investment in a comprehensive cyber risk policy can provide the dependent business interruption and extra expenses associated with an attack to a dependent business, but not all cyber policies are alike. Without proper coverage, businesses may be forced to incur legal costs to pursue reimbursement against Change Healthcare for the costs related to this event, recovery of which is not guaranteed.

Please contact Newfront for a review of your cyber insurance program.

The Author
Jennifer Wilson

Head of Cyber

As Head of Cyber, Jennifer brings more than 25 years of experience in the industry, primarily in specialty coverage, claims, and risk management. Jennifer was named to the prestigious Insurance Business Magazine's Elite Women in Insurance list for 2022, and is a graduate of Chubb and Carnegie Mellon's Cyber COPE Insurance Certification (CCIC) Program. She is a regular contributor to the Women in Insurance Global Network and sits on the NetDiligence Cyber Claims Advisory Board.

Connect with Jennifer on LinkedIn
The information provided here is of a general nature only and is not intended to provide advice. For more detail about how this information may be treated, see our General Terms of Use.