Following a massive cyberattack on its Change Healthcare unit in February 2024, UnitedHealth Group launched a temporary financial aid program for struggling medical practices. The program offered interest-free loans to help providers manage short-term cash flow issues stemming from the disruption. However, over a year later, the company is demanding repayment, leaving doctors facing significant financial burdens.
The abrupt shift in UnitedHealth’s stance is causing outrage among those who received the loans. Documents reviewed by CNBC and statements from affected providers reveal that UnitedHealth is aggressively pursuing repayment, in some cases demanding hundreds of thousands of dollars within days. The company is even threatening to withhold future payments until the loans are repaid, a move described by some as a “shakedown.”
One doctor, Dr. Christine Meyer, an internist in Pennsylvania, received a loan of $756,900 and is now being asked to repay the full amount within five days. She claims her practice lost over $1 million in revenue due to the cyberattack and is exploring legal options. Dr. Meyer’s story was even shared during a Senate hearing in May 2024, where UnitedHealth CEO Andrew Witty assured lawmakers that repayment wouldn’t be required until providers confirmed their cash flow had normalized, and even then a 45-day grace period would be provided.
Dr. Purvi Parikh, an allergist and immunologist in New York, also received financial assistance and faced similar repayment demands. Her practice eventually secured an extension but only after facing pressure to repay the loan quickly. Another physician running a pediatric practice in New Jersey reported that UnitedHealth has already begun withholding payments, despite the practice’s attempts to establish a payment plan.
UnitedHealth defends its actions by stating that the service disruption has ended for most clients and that providers were informed about the potential for future payment withholding when they signed the loan agreement. The company also points to a similar approach taken by the U.S. Department of Health and Human Services following its own cyber-attack lending program. However, the doctors affected argue that the company’s current actions contradict earlier assurances and are creating further hardship for already vulnerable practices.
The situation highlights the lasting impact of the cyberattack, which compromised data from approximately 190 million Americans, the largest healthcare breach in U.S. history. While UnitedHealth has paid out billions of dollars to providers and restored most services, the lingering financial consequences for many doctors remain a significant concern. The differing accounts between UnitedHealth’s statements and the experiences of the doctors involved raise serious questions about transparency and the long-term implications of this major cyber event for the healthcare industry.
