UnitedHealth Cyberattack Could Hurt Hospitals’ Credit

American healthcare providers may see their credit hurt following the recent cyberattack on UnitedHealth.

That’s according to ratings agency Moody’s, whose projections were cited in a Sunday (March 10) report by Seeking Alpha.

Late last month, an attack by the hacker group Blackcat/ALPHV on UnitedHealth unit Change Healthcare’s insurance billing service caused a nationwide disruption to the healthcare system.

“The ultimate credit impact on providers will largely depend on the effect of payment delays on cash flow needed to meet expenses,” Moody’s senior analyst Kailash Chhaya said.

Chhaya noted that providers that rely solely on Change cannot file for claims, while larger providers using more than one system can offset the impact. 

Last week, UnitedHealth said it would restore Change’s claims network and software by the middle of this month, and would provide funding support to health providers affected by the cyberattack. Moody’s has said the incident would be “credit negative” for the company.

In response to the breach, the federal government last week took action to support hospitals and healthcare providers impacted by the hack.

The Centers for Medicare & Medicaid Services (CMS), a division of the Department of Health and Human Services (HHS), announced steps to expedite Medicare and Medicaid payments to those affected.

All the same, concerns persist in the healthcare space, with industry groups like the American Hospital Association (AHA) and the American Medical Association (AMA) voicing concerns that the government’s current measures fall short of addressing the full scale of the crisis. 

And as PYMNTS wrote last month, this crisis is part of a broader pattern. In 2023, cyberattacks on the U.S. health system increased in both volume and sophistication, with health facilities being hit by 226 digital attacks impacting 36 million people in the first half of the year alone.

These types of attacks aren’t just confined to the health space. For example, LoanDepot suffered a January data breach that affected 16.9 million customers. Moving and storage company U-Haul also reported last month that it had suffered a data breach in December of last year affecting around 67,000 of its customers in North America.

Other recent breaches struck Sony-owned video-game studio Insomniac and VF Corporation, the owner of Vans, The North Face, Timberland and Dickies, which suffered a December cyberattack that disrupted ability to fulfill holiday season orders.