UnitedHealth: Change Healthcare cyberattack caused $872 million loss

UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February.

Despite the $872 million hit on its quarterly $7.9 billion earnings, UnitedHealth says its first quarter revenues grew almost $8 billion year over year to $99.8 billion.

The ransomware attack's impact includes $593 million in direct cyberattack response costs and $279 million due to business disruptions.

UnitedHealth also said the cyberattack will have a total impact of $0.74 per share in Q1, with full-year 2024 impacts estimated at $1.15 to $1.35 per share.

"Out of prudence, due to the potential for the cyberattack to affect claims receipt timing, the company reflected an additional $800 million of claims reserves," the company added.

"Cash flows from operations from the first quarter 2024 were $1.1 billion and were affected by approximately $3 billion due to the company's cyberattack response actions, including funding acceleration to care providers, and were additionally impacted due to the timing of public sector cash receipts."

Change Healthcare is the biggest payment exchange platform used by doctors, healthcare providers, and over 70,000 pharmacies within the United States healthcare system.

UnitedHealth also has contracts with over 1.6 million health professionals and 8,000 healthcare facilities in all 50 states. Currently, the company is still working on mitigating the cyberattack's impact on consumers and care providers while expanding financial assistance to affected providers.

Ransomware attack followed by double-extortion

The February breach caused UnitedHealth subsidiary Optum to shut down Change Healthcare systems and services, preventing doctors and healthcare facilities across the U.S. from billing or sending claims to insurance companies.

While first linked by the company to "nation-state" hackers, the attack was later linked to the BlackCat/ALPHV ransomware group who claimed they stole 6 TB of data during the breach,

The ransomware gang shut down its operation and likely pulled an exit scam by stealing a $22 million ransom paid to Notchy, the affiliate who coordinated the attack.

In mid-March, the U.S. Department of Health and Human Services also announced an investigation into whether protected health information was stolen in the Change Healthcare ransomware attack.

UnitedHealth Q1 2024 report comes one day after the RansomHub extortion gang started leaking screenshots of documents allegedly containing patient and corporate data stolen from Change Healthcare's compromised systems.

This data comes from former ALPHV affiliate Notchy, who has now partnered with RansomHub to extort Change Healthcare again.

The threat actors warned on Monday that Change Healthcare has five days to pay a new ransom to stop the data from being sold to the highest bidder.