Axios Pro Exclusive Content

Change Healthcare attack poised to become crisis, execs say at ViVE

Illustration of a paper target taped to the foot end of a hospital bed.

Illustration: Gabriella Turrisi/Axios

It's been more than a week since Change Healthcare went down from a far-reaching cyberattack — the scale of which surprised executives at startups and hospitals alike.

Why it matters: The unprecedented attack continues to roil operations at pharmacies and hospitals struggling for the ninth day to process claims due to the outage.

What they're saying: "It's not a crisis — but it's going to be unless they fix it soon," Tampa General Hospital EVP and chief digital and innovation officer Scott Arnold told Erin at the ViVE conference in Los Angeles this week.

  • Change is Tampa General's claims adjudicator, meaning they're responsible for determining how much money will be paid after an insurance claim is processed.
  • "Getting bills out the door and timely cash flow is going to be impacted," said Arnold.

Zoom in: UnitedHealth Group subsidiary Change handles 15 billion health care transactions a year, per its website, and is part of a conglomerate that spans pharmacy care services company Optum Health.

  • Even smaller-scale health tech startups like Omada Health saw some aspect of their technology affected by the attack, with parties needing to use tools that have been turned off proactively for security reasons.
  • Omada uses Change for some of its clearinghouse activity related to its musculoskeletal offering, per Omada chief privacy and security officer Lucia Savage. "We're just hoping they come back online soon," she said.

By the numbers: UnitedHealth Group (NYSE: UNH) is ranked 10th on the 2023 Fortune Global 500, with a market capitalization of $474.9 billion in February 2024, before the attack.

  • UNH's stock has taken a hit since the start of the attack, falling from a high of $527 a share last Friday to $488 on Wednesday.

The other side: Asked about lessons learned from the attack during a panel at ViVE, Optum Health CEO Amar Desai said, "first and foremost, vigilance is important at all times."

What's next: Tampa General's Arnold said the hospital has been taking proactive steps to prevent a cybersecurity incident from impacting its operations, but admitted that they didn't predict the scope or scale of the Change threat.

  • Those include doubling the size of its cybersecurity team over the past few years and running security exercises designed to anticipate cybersecurity threats.
  • "We didn't see this one," said Tampa General's Arnold. "We didn't realize how connected Change was."
Go deeper