Mar 12, 2024
“UnitedHealth Group’s Lack of an Execution-Ready Back Up Plan to Prevent Disruption to Patient Care is a Shocking Dereliction of Duty”
WASHINGTON, DC (March 12, 2024) – Pharmacists United for Truth and Transparency (TruthRx.org) released the following statement today regarding UnitedHealth Group’s failure to resolve predictable patient and provider access breakdowns following the February 21, 2024 cyber attack:
“Over the last 21 days, the U.S. has weathered a national healthcare crisis but most Americans, including members of Congress, the White House, the Federal Trade Commission and the Department of Justice, remain unaware of the true breadth and scope of the problem.
“The Change Healthcare outage has stranded tens of thousands of pharmacies and providers, leaving them vulnerable and effectively flying blind as they attempt to navigate cumbersome IT workarounds in the wake of the crisis, cut off from critical patient information and burdened with uncertainty about repayment or reimbursement. Patients are additionally affected, left uncertain about their privacy now that numerous media have reported possible untold millions of stolen patient data records.
“Having boasted of ‘15% year-over-year growth’ resulting in revenues of $371.6 billion in 2023, UnitedHealth was an obvious target for cyberattack. As the nation's largest fully vertically-integrated healthcare corporation, UnitedHealth Group’s lack of a complete, execution-ready back up plan to keep healthcare providers operational and prevent disruption to patient care is a shocking dereliction of duty.
“When stating their case for acquisition, corporations often make ardent promises in exchange for permission to expand their holdings. Upon acquiring Change Healthcare, UnitedHealth Group said, ‘(Our) combined capabilities will more effectively connect and simplify core clinical, administrative and payment processes - resulting in better health outcomes and experiences for everyone, at lower cost … Together we will help streamline … the vital clinical, administrative and payment processes on which health care providers and payers depend to serve patients.’
“However, UnitedHealth did not disclose that its system would become the sole method on which most Medicare and state Medicaid fee-for-service prescriptions, manufacturer copay assistance and eligibility verification would depend. They also did not disclose the degree to which a system ‘outage’ would cripple patient care from the physician's office to pharmacy counter to the oncology clinic.
“UnitedHealth Group and Change Healthcare broke their word to the American public, resulting in chaos and unnecessary distress for providers and pharmacies, who were left to explain and apologize for a technology breakdown to scared, angry and disappointed patients who neither cared nor had the bandwidth to sympathize with a nearly half-trillion dollar healthcare corporation that wouldn’t or couldn’t foresee the possibility of a cyber attack when such attacks had become commonplace on U.S. healthcare data systems.
“We call upon the FTC and the DOJ Antitrust Division to hold UnitedHealth Group accountable for its actions by requiring it to divest of its non-payer holdings including healthcare data and analytics, physicians groups and pharmacies.
PUTT surveyed independent pharmacies 6 days after the onset of the cyber attack. To understand how deeply disruptive the Change Healthcare outage was for patients on Medicare or Medicaid; or patients who relied on manufacturer copay assistance to afford their copay and other pharmacy services, review the survey results here. To understand how PBM practices affect patient care and affordability of medication for consumers and end payers, visit PUTT’s website at TruthRx.org.