A hacking incident earlier this year had targeted the company’s Change Healthcare unit that handles 15 billion health care transactions annually.
Health insurance firm UnitedHealth Group revised up the estimated cost of its February data breach to $2.45 billion for the year while also lowering the company’s earnings estimate for the period.
“The company has restored the majority of the affected Change Healthcare services while continuing to provide financial support to the remaining health care providers in need.”
UnitedHealth currently estimates the total full-year 2024 impact of the cyberattack at $1.90 to $2.05 per share, it said. This is up from the earlier estimate of $1.15 to $1.35 per share.
The net earnings outlook for 2024 has been lowered from a range of $17.60 to $18.20 per share to $15.95 to $16.40. The massive cyberattack is one of the reasons for lower projections.
For the first six months of 2024, UnitedHealth suffered $1.98 billion in costs due to the data breach, out of which $1.1 billion was accounted for by the three-month period between April and June.
Despite the high costs of the hacking incident, United Health reported positive results for second quarter 2024, with revenues jumping by almost $6 billion to $98.9 billion. The company’s earnings from operations fell from $8.1 to $7.9 billion, including the $1.1 billion cyberattack adjustment.
The firm did not state the exact number of people affected by the cyberattack, but estimated the incident could have impacted “a substantial proportion of people in America.”
Impact of the Hack
The Change Healthcare cyberattack triggered widespread concerns in the medical field given its prominent role in processing insurance claims.
“Some hospitals and other care providers are experiencing extraordinary reductions in cash flow, threatening their ability to make payroll and to acquire the medical supplies needed to provide care,” it said at the time.
“We’re continuing to investigate as to exactly why MFA was not on that particular service. It clearly was not,” he said. “Change Healthcare was a relatively older company with older technologies, which we had been working to upgrade since the acquisition. For some reason, which we continue to investigate, this particular server did not have MFA on it.”
When pressured for a response on the number of impacted individuals, the CEO estimated that one-third of Americans could have had their sensitive health information leaked to the dark web. Mr. Witty also revealed that the company paid the hackers $22 million in Bitcoin as ransom.