Health care providers say they continue to struggle with significant billing problems following a cyberattack last month at a subsidiary of Minnetonka-based UnitedHealth Group.

The aftershocks, meanwhile, range from from federal lawsuits filed against UnitedHealth to puzzling reports about a possible ransom payment to the hackers.

UnitedHealth Group says it's making progress on workarounds and fixes. Yet hospital and physician groups have stepped up calls for help with the financial fallout, saying many health care providers are still having problems.

"Physicians are experiencing financial struggles that threaten the viability of many medical practices," the American Medical Association said Tuesday. "Many physician practices operate on thin margins, and the AMA is especially concerned about the impact on small and/or rural practices, as well as those that care for the underserved."

Last week, UnitedHealth rolled out a financial assistance program for health care providers struggling with cash flow problems, but the American Hospital Association on Monday blasted it, saying the company "can — and should — be doing more to address the far-reaching consequences."

On Tuesday, the federal government announced steps its taking to help health care providers, but the American Medical Association says the measures don't go far enough.

The cyber incident occurred Feb. 21 and prompted UnitedHealth to suspend operations of the electronic data clearinghouse at Change Healthcare. This system, which is widely used by pharmacies, hospitals and clinics, processed an estimated 50% of all medical claims in the U.S. during 2022.

Prescription issues highlighted in lawsuits

UnitedHealth Group says its technical work is helping preserve patient access to medications.

"We continue to see pharmacy claims flowing at near-normal levels," the company said in a Tuesday afternoon update. "While some pharmacies are still unable to submit claims, we are making progress toward full restoration."

Yet the problems that remain are serious, said John Hoeschen, the owner of St. Paul Corner Drug. His pharmacy was fortunate to primarily rely on a clearinghouse other than Change Healthcare, yet Hoeschen still has a stack of claims for Medicare Part B payments that he hasn't been able to submit for about two weeks.

"If you can't submit a claim, you can't get paid for a claim," he said. "It's a mess — it's an absolute mess. And I don't know when it's going to get resolved."

Patients have run into trouble at pharmacies, too, according to both of the lawsuits, which were filed this week in the U.S. District Court of Minnesota.

In one filing, a California resident says he was told that because of the systems problem he'd have had to pay full price for his medication and pursue an insurance claim after the fact. The plaintiff "is hesitant to pursue further medical care until he is assured that his information has been secured and his insurance coverage will be accepted," his lawsuit states.

A second lawsuit, brought by another California patient, says the inability to fill a prescription exposed him "to potential negative health risks."

"Defendants continue to rake in billions of dollars off the backs of the patients and providers whose confidential and highly sensitive information they promised to protect," the lawsuit states. "[UnitedHealth Group] is responsible for the data breach because it failed to implement reasonable security procedures and practices and failed to disclose material facts surrounding its deficient security protocols."

The company did not comment on the lawsuits, which were filed as class actions.

Fix for medical practices much harder

Compared with pharmacy systems, UnitedHealth Group says it will take longer to bring a full recovery to systems for filing medical claims. About 90% of these claims are "flowing uninterrupted," the company said, but health care providers say significant problems remain.

Minneapolis-based Allina Health said that while it's used manual workarounds to help patients with their insurance coverage and authorizations, it's proven "much more difficult" to get claims submitted to health insurers. Allina runs nine hospitals including Abbott Northwestern in Minneapolis, one of the state's largest medical centers.

"We are experiencing a gap in our ability to bill for most of our hospital services," the health system said in a Monday evening statement.

At Minnesota Voice & Speech Clinic in Hopkins, office manager Marti Priest says the system shutdown has left her practice sitting with about $4,000 worth of claims she still can't submit.

This week, the company that supplies an electronic medical record for her practice has scrambled to create an alternate system for submitting claims to commercial health insurers, Priest said. She hopes to start using soon, although Priest hasn't yet found a workaround for submitting claims to government-sponsored health plans.

"Have you heard the old saying, how many miles does it take to turn an ocean liner?" Priest said. "This is the ocean liner, and every single provider is trying to stop on a dime and turn."

For now, her practice is not interested in looking at UnitedHealth Group's assistance program, but Priest wants to know whether the company did everything it could to prevent the cyberattack.

"When you're acquiring so many different pieces of a pie, so you can make money off of touching health, why weren't you spending more money on the cyber nature of your business?" she asked. "This is a known actor – this is a severe known actor. … This is huge."

Health care providers use the Change Healthcare clearinghouse to submit claims to UnitedHealthcare and many other health insurers. Minneapolis-based UCare saw close to a 90% drop in claims submitted compared with historical trends initially, although this has improved to a 50% decline with contingency plans, the HMO says.

Who's responsible for the cyberattack?

UnitedHealth Group initially disclosed the incident by saying a "nation-state associated cyber security threat actor" had accessed some information technology systems at Change Healthcare. Last week, the company said the cyberattack was "perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat."

This group is notorious for encrypting data to hold it hostage in order to secure massive cryptocurrency payouts. A federal report in February identified Blackcat among Russian cyber criminal groups, but cybersecurity expert Brett Callow said he didn't consider the gang as being state-sponsored, nation-state associated or Russian.

Wired magazine reported earlier this week on signs from a Bitcoin account and a cybercriminal underground forum that suggest the alleged hackers might have received a $22 million ransom. UnitedHealth Group would not comment, beyond saying the company is "focused on the investigation.

On Tuesday, Reuters reported on an apparent "exit scam" by the hackers, a strategy where criminals falsely claim their website has been disabled by law enforcement in hopes of avoiding payment to partners in crime.

The biggest cyber-ransom paid to date was about $40 million, said Callow, an analyst with the cybersecurity firm Emsisoft. Massive payments like this are a problem, he said, because they motivate the attackers and provide them with resources to scale their operations.

"We know that $22 million was paid into a wallet belonging to ALPHV, and we know that someone claiming to be an affiliate of ALPHV stated that the money was paid by Change," Callow said of the report in Wired magazine. "While this does not prove that Change paid, it certainly points to it."

Aside from the Change Healthcare systems, UnitedHealth Group says its other systems were not hit by the cyberattack including those at its UnitedHealthcare insurance business as well as the Optum division for health care services.

After UnitedHealth announced plans in 2021 to acquire Change Healthcare, the Justice Department challeneged the deal by arguing the company's clearinghouse would provide access to immense amounts of competitively sensitive data from rival health insurers and health care providers. Ultimately, the government lost the case and UnitedHealth completed the merger in 2022.

Staff writer Mike Hughlett contributed to this report.