Senators Demand Answers from UHG on Aggressive Loan Repayment Tactics Following Cyberattack
Senate Finance Committee Ranking Member Ron Wyden (D-OR) and Senate Banking Committee Ranking Member Elizabeth Warren (D-MA) have demanded answers from UnitedHealth Group about the alleged aggressive tactics being used to recover the funds lent to healthcare providers following the ransomware attack on Change Healthcare last year.
Change Healthcare fell victim to a ransomware attack in February 2024, causing a prolonged outage of Change Healthcare’s systems, which handled approximately 45% of all healthcare transactions at the time of the attack. Providers were reliant on those systems for obtaining authorization and payment from health insurers, and the outage caused severe payment and reimbursement problems, with providers having to cover the costs of treatment, tests, vaccinations, and even prescriptions. Patients also faced disruptions, especially those unable to afford to pay for their medications without copay assistance.
UnitedHealth Group, through its industrial bank subsidiary Optum Financial, established a temporary funding assistance program, which provided interest-free loans to hospitals and medical practices experiencing financial difficulties due to the outage. More than $9 billion in loans were paid to struggling providers. Systems were brought back online after several months; however, the financial difficulties have continued for many providers, who are now having to repay the loans. There have been multiple reports that UnitedHealth Group has been adopting aggressive tactics to recover funds, including withholding payments or health insurance claims through its insurance subsidiary UnitedHealthcare.
“These reports are particularly troubling because they underscore the extraordinary market power of United’s massive, vertically-integrated conglomerate: the problem was caused by a breach of United’s payment clearinghouse, Change; the loans were offered by United’s industrial bank, Optum Financial; and now the company is using its insurance arm as a collection tool,” explained the senators in the August 27, 2025 letter to UnitedHealth Group CEO, Stephen J. Hemsley, and Optum Financial CEO, Dhivya Suryadevara.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
UnitedHealth Group has been accused of using loan shark tactics to recover the loans, including refusing to negotiate payment plans. Providers have claimed they were told to immediately repay the loans in full, which in some cases runs to hundreds of thousands of dollars. Some have been threatened with withholding all current claims payments if the debt is not repaid within five business days, and funds will be withheld until the debt is repaid in full. Further, claims have allegedly been rejected for failing to meet the filing deadline from the period after the cyberattack, when Change Healthcare’s systems were offline.
UnitedHealth had previously told the Senate Committee on Banking, Housing, and Urban Affairs and the Senate Committee on Finance that loan recipients were given 45 days to repay the loans, and UnitedHealth Group contacted each multiple times during those 45 days. If no response was received after the 45-day period, providers were contacted and told to pay within five business days. Then, if no response is received, claims will be offset and moved into recoupment. If providers cannot repay within that time frame, UnitedHealth Group suggested that they would work out a mutually agreeable repayment plan.
The senators have demanded answers from UnitedHealth Group and Optum Financial on the loan repayment process and have requested answers to the following questions by September 12, 2025.
- Provide data indicating the total number of loans lent to providers from March 2024 to present.
- Provide documents detailing the process and criteria that Optum Financial used to distribute funds to providers who were adversely impacted by the February 2024 attack.
- Provide documents detailing Optum Financial’s repayment process.
- Provide a copy of any and all written agreements that were given to providers when they accepted funds.
- Provide any and all copies of express repayment plans that Optum Financial offers to health care providers who accepted funds.
- Provide documents detailing redress options that Optum Financial makes available to providers who are unable to repay funds within 45 days of initial notification.
- Does Optum Financial plan to outsource collection efforts to a third-party?
- Provide documents related to any intercompany loans that were made to Optum Financial, if applicable.
- Did United Health or Optum Financial solicit or use third-party financing for the purposes of making either loans to providers or intercompany loans? If yes, provide details.
