Change Healthcare Ransomware Attack Cost Expected to Increase to $2.3B in 2024

by

UnitedHealth Group (UHG) has given an update about the response costs associated with the February 2024 ransomware attack involving Change Healthcare. The overall response cost is forecasted to be $2.3 billion to $2.45 billion this 2024, over $1 billion more than the figure reported earlier. UHG already paid more or less $2 billion handling the reaction to the ransomware attack, which resulted in substantial problems for companies around the U.S. because of long-term shutdowns.

The majority of Change Healthcare’s programs are already recovered and are completely functional. To date, UHG already gave over $9 billion in advance funding and a 0% interest loan to help companies who cannot pay for their services because of lacking access to Change Healthcare’s programs. As of June 30, 2024, UHG had spent $1.98 billion on expenses, which include $1.3 billion in direct expenses like reestablishing the Change Healthcare clearinghouse system and increased healthcare expenditures because of the temporary stop of part of its care management services. Change Healthcare is likewise about to begin sending personal notifications to the impacted persons.

In compliance with the HIPAA breach notification rule, mailing of breach notifications is estimated to begin on July 20, 2024 although the complete number of impacted persons is still not yet affirmed. CEO Andrew Witty of UHG has cautioned that the protected health information (PHI) of 1 in 3 Americans was potentially exposed during the attack. Considering that the American population today is approximately 333 million, that can mean that over 110 million people were impacted. Informing those persons will have substantial expenses.

Despite the huge expenses of the ransomware attack, UHG still made $7.9 billion in earnings in the second quarter of 2024 and $4.2 billion in profits. The earnings grew by 6% year over year and quarter 2 alone showed $98.9 billion earnings. Profits dropped from $5.5 billion in quarter 2 of 2023 because of the ransomware attack.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]