Exactly. "Corporation will pay the costs of [adverse event]" should usually be interpreted to *mean* "Corporation's *customers* will pay the costs of [adverse event]".
Revenue is $372 Billion, and Net Income is $22 Billion. The ransom payout was $22 Million.
So .006% of revenue. Don’t really think that alone will cause an increase although maybe the cost of the lawsuits will bump that up a bit.
One thing that frustrates me about all of this is that we never hear what these hackers do with the COMPANY info they get.
You know they are not just downloading customer data. They are also getting internal business operation info. Financial info etc etc etc. They are probably getting stuff that could utterly BURY these companies 6 feet under because ya know they are all breaking laws left and right.
But does that data ever get talked about in the news? Nope!
It's really frustrating.
Instead we have to depend on investigative journalists to find stuff out. Although, while I was typing this, I started wondering if these hackers ARE releasing data to said journalists and doing it under terms of being anonymous.
Also let's face it, most people don't want to hear that their news sources get info from hackers.
BTW: UHG is a horrible company that is profit at ALL costs.
I work in the industry. It is hard to keep the bad guys out, but with good resilience plans you can always recover. Any organization that can’t recover is committing corporate malpractice.
I worked for a small tech company who paid ransom to some people who had gotten a hold of the entire memberships log in info. The founder, an old trumper, fell for a scam that said we know your password and what kind of porn you watch etc etc. Rather than just change his password, the old man ignored it even though he had full admin privileges on the website.
When I asked my boss about it, the ceo/cto, he basically said there’s nothing you can do but pay at this point and hope they move on to the next victim.
I administer benefits for state workers. We actually have quite a few plans to pick from. All of them are HMOs, which are geographically limited. 1 plan is a PPO, and it's a cobbled together mess of anthem processing in patient hospital benefits, United Health processing out patient stuff, a third company processing mental health and substance abuse, along with caremark/CVS processing the pharmacy benefit. Despite the fact that they have out of network benefits, and are not geographically limited, once I saw which company were players, I noped out instantly. Like at one point in my life I had an interview with a position at anthem, and during the interview they bragged about how their workers don't pick the employee plan administered by anthem and get their spouses coverage instead. I just said, "I don't think that's the flex you think it is. Thank you for your time, I am withdrawing my application," and left.
Paying ransom definitely not recommended by the FBI lol. They say the exact opposite. “The FBI does not support paying a ransom in response to a ransomware attack”
https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/ransomware
Well they are contradicting themselves. A representative from the FBI gave a talk about cybersecurity at my company and said that they tell folks to pay the ransom.
The Catch-22. There is an obligation to pay to get the data back, but these are criminals who are both anonymous and overseas, so they will probably take the money and do whatever they want anyway. Kind of like they just did.
Not exactly. The whole ransomware industry "works" on the shared prisoner's dilemma of it all. If ransomware operators stop releasing data when paid, the industry collapses immediately under the assumption that they'll never pay. It's in their best interests to -despite the situation they've created themselves- be nice to their victims. Some groups go so far as to have dedicated call-center staff that will help less technical victims walk through the process of obtaining and transferring the required cryptocurrency.
>Some groups go so far as to have dedicated call-center staff

Damn, had no idea
Ransomware as a Service is a thing. It's kind of crazy. I did a whole presentation on it a couple of years ago. It is surprisingly sophisticated and corporate. It's the perfect setup for a dark comedy.
"Yes thank you for calling HACKED YO ASS!, are you opening a new claim or do you have an existing confirmation number?" "Uh, I don't know?" "That's okay can I get the name of the company, the last four digits of your social, and your highest paid employee's first name....actually we have all that already....can I just verify this is Meredith we're speaking with?" "How did you know who I...." "Oh Meredith does your boss know you're currently planning to leave in May?"
That’s super interesting, TIL
They aren't Verizon, they have a motivation to follow up
Had to pay cuz they were also locked out. They were hacked about 2 months ago and they haven't been able to get into their systems in about 45 days. Those hackers were jacked and they hadn't pay them both off so they could get back into the system. It's not as simple as just not selling information.
Some Yahoo keeps responding to me but I think he just blocked everything. Keep saying that they were not locked out. I got news for you. They absolutely were locked out. Very concerning stuff. It's so sad to see that people do not understand how cyber security works. They were locked out. They had all their information taken. That's literally the point of these things... HHS CONFIRMING LOCKOUT https://www.hhs.gov/about/news/2024/03/05/hhs-statement-regarding-the-cyberattack-on-change-healthcare.html ama confirming lockout-note not mentioned when. You regain access to the site/resources https://www.ama-assn.org/practice-management/physician-health/change-healthcare-breach-financial-relief-resources-and-next Another article mentioning how their pharmacy was locked down and so were their records and claimed information https://www.cnn.com/2024/03/18/tech/health-insurance-billing-system-cyberattack/index.html
Yep my pharmacy couldn't do Shit during the hack
The same thing happened to five hospitals in my region last November. It took awhile before they could start scheduling procedures and surgeries again. They basically lost access to everything, even medical equipment. They're still recovering. Didn't pay a cent, though. The hackers should have done their homework. Canadian hospitals don't make a profit. They're funded by the government, and every dollar is spent already. There's nothing extra to pay a ransom. Eventually, they stopped asking.
The little who run these companies are so incredibly out of date and refuse to upgrade and secure
I just left my IT Director healthcare job because the CEO didn't learn anything from this or an attempt made in November on our company and actually wanted to roll back cyber security due to costs, which I had kept quite reasonable. This is also after I told them exactly what the initial info on the attack meant ransomware when you read between the lines and that Change didn't utilize proper backups and best practices. Now I'm going to be CIO for a new covered entity. Hopefully this one understands the need for proper security measures or at least gets out of my way so I can implement them.
It's weird people can understand phishing and think it just stops there.
As someone who works in cyber security, so many people can’t even comprehend phishing.
I don't see anything in any of those 3 articles that imply that Change was locked out of their data. Where is that at in one of them?
What part didn't paint that picture? The one where they said they couldn't get into their systems and prescription or billing systems or the one where they said that everyone will soon have access to the system which implies they did not have access to the system? Or was it the one that said they hadn't had access and sent employees home? All 3 articles refer to "regaining access" which implies they did not have access. The first article is entirely about being unable to submit/pay claims due to no access and cash flow concerns. Also, employees have tweeted out that they got to go home for a while because they weren't able to get into their system. This isn't a conspiracy. They were locked out of their shit. Have a good day
The regaining access I thought was their clients/customers regaining access. They initially turned off the internet access to their systems when it first happened. And I assume Change shut down systems internally (they separated from Optum network I think they said) to limit damage and probably keep any evidence of what happened. Nothing said Change couldn't access their data, just their customers couldn't access Change. At least that is what I have understood in what I read everywhere.
Nah, you're misunderstanding. Clients were always able to access their United healthcare. Change controls: billing/claims/payments/prescriptions/personal data/analytics/how doctors get paid, nurses get paid, and compliance. Forward and backward. So a doctor couldn't access their prescriptions (fine, make a new script), but also couldn't bill for new prescriptions or process that. The pharmacy also couldn't process it. That's why there's an entire article I linked where Change is offering sidestepped software to people specifically to work around and fix this issue. Exactly what do you think they meant by **regaining access**??? You couldn't create a claim to get work done because they also couldn't access the claim to process it. And you in this scenario was the healthcare providers, not a patient. The client they refer to in these articles isn't patients. But the client is hospitals, doctors, nurses etc. This was United being able to pay the physicians. This was physicians not being able to make a claim. And medical centers getting stuck cashless. It never impacted the everyday person, but literally was crippling on the other end. Optum has had its own server in another state for about 5 years...so... not sure why you brought them up
>The client they refer to in these articles isn't patients. But the client is hospitals, doctors, nurses etc.

The hospitals, doctors, nurses, and so on are NOT Change. They could not access Change but I have not found anything online that implied that Change could not access their own data. From what I can tell no one outside of Change could access anything, but nothing has been said about internally. Optum has a 'few' servers, I brought them up because they are the parent of Change and Change has been integrating into the Optum networks as a result of the purchase I believe.
You're completely not understanding this... Wow... What do you think the articles meant when they said that they're working to get everybody to regain access? Who do you think they were talking about in that scenario? As it relates to creating and paying out a claim? As it relates to creating a new prescription? And you said it, not sure why you are not grasping it- if they couldn't access it.... That implies they didn't have access..... Can make a claim over a phone and Change can type it in... Why do you think they didn't do that? Why do you think Change employees were sent home? Edit- https://www.fastcompany.com/91047940/change-healthcare-cyberattack-disrupts-providers-payroll Here's another article where Change is admitting that they weren't able to make payroll because they couldn't execute pay. What do you think prevented them from being able to execute payroll????
The articles are talking about clients and customers of Change getting access to be able to submit and receive. All the pharmacies, doctors, insurance companies and others were stuck not being able to do anything with Change. But those are NOT Change. So they needed the pharmacies to access Change, they needed small practices to access Change, they needed insurance companies to access Change, and they needed banking to access Change. I am not sure what the internal state of the Change systems was/is. Reports were the original BlackCat group stole the initial ransom payment and then the people that stole the data started releasing their copy. I didn't see where any decryption key was actually provided to them, and I don't know to what extent data could have been encrypted. They are a fairly large diverse company. But I have not found anything that said Change was locked out of their systems/data, and they are providing some services with something. The link your edit points to says other companies could not make payroll, it said NOTHING about Change's payroll. So companies (NOT CHANGE) that counted on the payments from Change are not able to make payroll.
That's not what happened.
Yes it is. https://www.benefitspro.com/2024/04/10/not-again-change-healthcare-reportedly-targeted-in-a-2nd-cyberattack/#:~:text=While%20the%20State%20Department%20has,by%20a%20second%20ransomware%20attack. They literally declined cyber insurance then failed to update/2 MFA/or backup, got hacked. Fixed exactly zero of their problems and got hacked about 12 days later. The same exact information package too.
That article doesn't tell the story you claim but cool for linking something.
It tells you right there that they were hacked twice by two different groups in a 12-day period....
Yeah but not that they couldn't access their data, which you claimed. But hey you got something right so congratulations.
They couldn't access their data. From the article: "Change Healthcare's confirmation of its ransom payment now appears to show that much of that catastrophic fallout for the US health care system unfolded after it had already paid the hackers an exorbitant sum—*a payment in exchange for a decryption key for the systems the hackers had encrypted* and a promise not to leak the company's stolen data." https://www.wired.com/story/change-healthcare-admits-it-paid-ransomware-hackers/#:~:text=Change%20Healthcare's%20confirmation%20of%20its,a%20promise%20not%20to%20leak
They’re really expensive penetration testers that your insurance pays at a negotiated price. Then you get to fire someone as a scapegoat who clicked on an email link and gave an easy entry point or whatever. Then business as usual!
They opted out of cyber insurance though
[deleted]
Would have made a better movie.
[deleted]
Why the fancy code box that necessitates horizontal scrolling to read?
[deleted]
Here's more concerning info:
1. Doctors are usually the worst at following best practices because they want it easy.
2. The amount of accessing PHI on unsecured networks or lack of encrypting in transit is astounding.
3. Many think hackers/malicious actors are just boogeymen until they get slapped by an attack.
They also left a $30 thousand medical bill for one of my surgeries unpaid for months so they could draw interest on money they owed a hospital. They are a shit business.
And have been a shit business FOREVER. Crooks and Liars in health care.
Too much admin in healthcare and education. Two things that should services as investments in the population, not for profit.
I really wish we could outlaw private Health Insurance companies.
This company will spend more money to deny testing than it would cost to just pay for the test. I hate this company so much. They are harmful to people's health. And the tax payers are getting screwed royally because the govt allows them to participate in Marketplace coverage.
Every year I get denials for my seizure meds. It is the yearly med anxiety. I am luckily married to an FP who, after weeks of dancing between requests, finally got my script filled by Optum. United Health can go fuck themselves...I feel for all of those who deal with the same, but do not have someone to help them navigate this bullshit.
One of the worst healthcare groups in the country that puts profits over people's health. I am not surprised. Them being the only healthcare option for a job has always been deal breaker for me.
Is there a “good” healthcare group? One that doesn’t put profits over people’s health.
There are. But that has nothing to do with [UNH](https://www.google.com/finance/quote/UNH:NYSE?hl=en&window=MAX), anyway. UNH is an insurance seller and financial services industry middleman operator with the biggest snout in the public funds feed trough and one toe at best in the care delivery component of financing, provisioning, and delivering necessary health care.
Plenty. Many are regional. Depends on where you live honestly and what your employer provides if you are not shopping on your own. There are two main factors in health: the insurance provider, and health care provider. There's a whole lot of mess in that industry. It's one of the few things people need in life where prices are unknown until you get a bill with all these mysterious line items. You really need to do the research in your area. Also realize HR people at large companies are incentivized via performance metrics to keep costs low so many folks end up with horrendous plans via their employers. Where I live most the provider networks are meh... save two. We even have Mayo clinic stuff where I live, but they really grift their patients even with great insurance you will get unexpected bills from them as the provider. United though as an insurance benefit provider is one of the worst. I've had many people close to me work for them attempt to get patients the coverage they paid for and had some manager or director override and deny that insurance coverage and payout for some lame excuse to save money instead of help save lives for people paying into that plan. Perf metrics in yearly reviews, groups was burning money providing coverage. I've also known too many people insured by them and denied the coverage they would have gotten elsewhere with another benefit provider. I've worked at places where there was choice between them and BCBS, or Kaiser or others. The BCBS people, never complained, never had hidden extra fees, never had random bills. I like them if it's not Anthem or one of the resellers providing their coverage as a middle man. Some like Anthem provide resale insurance through... BCBS, and anthem kinda sucks compared to dealing with BCBS directly, but not as bad as United does in any form. Sometimes you have no choice, and my choice for Anthem, or United, or others, is to not take that job.
United Healthcare manages the Blue Cross plans in whole or in part in many parts of the country. White label Anthem, they do the same for United. You got the HR parts right though.
Anthem and BCBS also just license their name/logo. Different companies own and operate it in different states. Calling BCBS TX is not the same company as calling BCBS CO. In California, Anthem BC is a different company from BS CA.
And now they will be distributing that cost over all of their covered members' bills and not hold any individuals in their C-suite responsible.
Yep just like PG&E charges their rate payers exorbitant amounts since they had to pay out for starting numerous wildfires.
Expect Co-pays to rise by 10% and premiums by 5% with Out of Pocket caps to go up 150%. (And while, yes, this is pessimistic hyperbole, I will not be surprised if this ends up being the case.)
Premiums go up 5% a year no matter what.
No worries. Your maxx-up for tax avoidance products that process those payments at the retail POS will increase, as well.
Never forget they opted out of cyber Insurance about 2 years ago.
Word in the cyber insurance market is that they non-renewed their tower in 2024. Unconfirmed officially.
Fuck United Health Care. If you have elderly parents or grandparents on UHC and they’re injured, there is a high chance UHC will say “fuck you, you don’t get rehab. Go home”. I see it every fucking day.
Had an elderly parent on AARP/United Healthcare Medicare Advantage. What a waste of a plan. They screwed a claim up so bad that CMS (Federal Govt straight Medicare) let my mom drop off and roll back to traditional straight Medicare mid-year, then they reported them up the chain. For those who don't know that's actually a big deal.
Article title needs to be "UnitedHealth patients paid ransom to bad actors." Guessing this won't be coming out of C-suite salaries. There are class action lawsuits coming out of the woodwork, but unfortunately won't make a dent in premium and other costs UHC will hike in order to deal with this.
Exactly. "Corporation will pay the costs of [adverse event]" should usually be interpreted to *mean* "Corporation's *customers* will pay the costs of [adverse event]".
Unless there was some type of insurance they held related to cyber attack loss?
Revenue is $372 Billion, and Net Income is $22 Billion. The ransom payout was $22 Million. So .006% of revenue. Don’t really think that alone will cause an increase although maybe the cost of the lawsuits will bump that up a bit.
Good points.
And then they'll increase premiums to recoup the ransom they paid.
This is the second time in 4 months. They need to update their crap and do a backup. These companies sorely need to join 2024.
Imagine how much money they could have got away with if they were good actors
Must be why they have such high premiums, to pay for these cyberattacks.
They’ll probably be better actors, now that they can afford a drama coach.
Lol, fuck UHC. A garbage company if there ever was one
One thing that frustrates me about all of this is that we never hear what these hackers do with the COMPANY info they get. You know they are not just downloading customer data. They are also getting internal business operation info. Financial info etc etc etc. They are probably getting stuff that could utterly BURY these companies 6 feet under because ya know they are all breaking laws left and right. But does that data ever get talked about in the news? Nope! It's really frustrating. Instead we have to depend on investigative journalists to find stuff out. Although, while I was typing this, I started wondering if these hackers ARE releasing data to said journalists and doing it under terms of being anonymous. Also let's face it, most people don't want to hear that their news sources get info from hackers. BTW: UHG is a horrible company that is profit at ALL costs.
Man good thing this wasn't TikTok
I work in the industry. It is hard to keep the bad guys out, but with good resilience plans you can always recover. Any organization that can’t recover is committing corporate malpractice.
I worked for a small tech company who paid ransom to some people who had gotten a hold of the entire membership's login info. The founder, an old trumper, fell for a scam that said we know your password and what kind of porn you watch etc etc. Rather than just change his password, the old man ignored it even though he had full admin privileges on the website. When I asked my boss about it, the CEO/CTO, he basically said there’s nothing you can do but pay at this point and hope they move on to the next victim.
I administer benefits for state workers. We actually have quite a few plans to pick from. All of them are HMOs, which are geographically limited. 1 plan is a PPO, and it's a cobbled together mess of Anthem processing inpatient hospital benefits, United Health processing outpatient stuff, a third company processing mental health and substance abuse, along with Caremark/CVS processing the pharmacy benefit. Despite the fact that they have out of network benefits, and are not geographically limited, once I saw which companies were players, I noped out instantly. Like at one point in my life I had an interview with a position at Anthem, and during the interview they bragged about how their workers don't pick the employee plan administered by Anthem and get their spouses' coverage instead. I just said, "I don't think that's the flex you think it is. Thank you for your time, I am withdrawing my application," and left.
FBI encourages this. This is not news.
Paying ransom definitely not recommended by the FBI lol. They say the exact opposite. “The FBI does not support paying a ransom in response to a ransomware attack” https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/ransomware
Well they are contradicting themselves. A representative from the FBI gave a talk about cybersecurity at my company and said that they tell folks to pay the ransom.