top of page
Writer's pictureIPMD

NCPA Leads Retail Pharmacy in a Class Action Suit Against Change Healthcare, UnitedHealth Group, and Optum for Data Breach and Losses

Plaintiffs say defendants failed to secure its network failed to provide adequate guidance, and cost them money


The National Community Pharmacists Association, along with dozens of providers from multiple states, filed a class action lawsuit late last Friday against UnitedHealth Group and its subsidiaries Change Healthcare and Optum for losses resulting from the massive cyber-attack earlier this year.


United Healthcare is one of the country’s largest companies. Optum is its pharmacy benefits manager, one of the three largest in the world, and Change Healthcare handles medical billing for a huge chunk of the health care industry. In February, Change Healthcare was hit with a ransomware attack that brought payment and claims processing across the country to a halt. NCPA and the other plaintiffs say Change failed to take reasonable precautions against a catastrophic breach; mislead them about its network security; and caused massive financial losses for health care providers who were never reimbursed for services, and who incurred huge expenses trying to work around the downed system.


“UnitedHealth Group and its subsidiaries need to be held accountable for their lax security measures and for their failure to provide our members with adequate support and assurances to alleviate the financial losses our members suffered,” said NCPA CEO B. Douglas Hoey. “NCPA was against UnitedHealth’s acquisition of Change from the start. This breach proves that bigger is not better and that consolidation often leads to inefficiencies. Companies are so big they cannot protect every entry point and cannot respond quickly due to internal bureaucracy. The fact issues remain unresolved is a testament to this point. This breach has cost our members a significant amount of money and time and it is still not resolved months later.” 


Not only did Change, Optum, and UnitedHealth fail to adequately protect data for millions of patients, but when they discovered the breach, they shut the entire system down without providing a workable alternative, leaving thousands of pharmacies without any way to process claims. 


“Because Defendants disconnected the Change Platform, many healthcare providers lost their primary (and in some cases their only) source of claims processing for their patients and did not receive payment. Healthcare providers had to absorb these upfront costs,” says the complaint. In addition to the losses from not being paid, many pharmacies had to take out loans or deplete their reserves to buy expensive new software. 


“Community pharmacies incurred the losses because they wouldn’t let their patients suffer,” said Hoey. “Senior citizens and people with chronic illnesses were especially vulnerable. They can’t afford to pay out of pocket for drugs that can cost thousands of dollars because a medical billing firm left itself vulnerable.


“It wouldn’t have been fair to patients, and it isn’t fair to leave pharmacies holding the bag.”


###

Comments


bottom of page