There is some relief coming for beleaguered pharmacies, hospitals, and patient now that UnitedHealth Group has the electronic prescribing systems for its Change Healthcare business up and running after being down for weeks following an attack last month by ransomware group BlackCat.

In the wake of the February 21 attack, Change – which acts as a go-between for hospitals and clinics and health insurance companies for such tasks as processing payments, medical and insurance claims, and prescription orders – shut down many of its systems, which kept about 7,000 hospitals and pharmacies from filling prescriptions.

For pharmacy services, “electronic prescribing is now fully functional with claim submission and payment transmission also available as of today,” UnitedHealth wrote in an update to its incident response report. “We have taken action to make sure patients can access their medicines in the meantime, including Optum Rx pharmacies sending members their medications based on the date needed.”

That said, it will take longer to get other systems back online. Organizations will be able to connect back into it beginning March 15, while UnitedHealth write that they will start testing and establishing connectivity to Change’s claims network and software March 18, “restoring service through that week.”

UnitedHealth’s OptumInsight group bought Change in 2021 for $13 billion.

“While we work to restore these systems, we strongly recommend our provider and payer clients use the applicable workarounds we have established – in particular, using our new iEDI claim submission system in the interest of system redundancy given the current environment,” UnitedHealth wrote.

The ransomware attack by BlackCat – also known as ALPHV – and the ensuing system shutdowns caused chaos for healthcare organizations and insurance companies – and eventually patients – with the issues reaching the highest parts of the federal government. The National Security Council reportedly has been looking for ways to get much-needed funding to hard-hit hospitals and the Health and Human Services Department outlined steps it was taking to alleviate some of the problems.

Expanded Funding Plan

Optum, a healthcare services provider and a subsidiary of UnitedHealth, a week ago introduced a temporary funding assistance plan to help cash-strapped healthcare organizations, though the initiative was criticized by Richard Pollack, president and CEO of the American Hospital Association, for not going far enough, adding that it “is not even a band-aid on the payment problems.”

In its incident update this week, UnitedHealth said it was expanding the program for medical, dental, and vision providers that will include “advancing funds each week representing the difference between their historical payment levels and the payment levels post attack. Advances will not need to be repaid until claims flows have fully resumed.”

Noting that the program won’t work for everyone, Optum is further expanding it to include providers that have tried other options and that work with another payer that is not advancing funds during the system shutdowns.

“This expansion is a funding mechanism of last resort, especially for small and regional providers, and will be evaluated on a case-by-case basis,” UnitedHealth wrote.

Take the Money and Run

There also was an upheaval on the cybercriminal side of the equation after the attack. BlackCat’s operations were disrupted in December 2023 by the U.S. Justice Department and FBI, but the ransomware-as-a-service (RaaS) gang reorganized and, with the help of an affiliate group, attacked Change.

However, a $22 million ransom that under normal RaaS operations would have been shared with the affiliate instead was taken by BlackCat, which shut down operations, sold off its source code, and made off with the money.

The affiliate raged online about the betrayal and said it still held 4TB of data stolen from Change, though it was unclear what the affiliate planned to do with the files.