UHG faces scrutiny over Change Healthcare loan repayment tactics

Two U.S. senators are demanding answers from UnitedHealth Group after receiving reports of "abusive tactics" used by UHG to recoup funds lent to providers during the 2024 Change Healthcare cyberattack. Sens. Ron Wyden (D-Ore.) and Elizabeth Warren (D-Mass.) sent a letter to UHG CEO Stephen J. Hemsley and Optum CEO Dhivya Suryadevara asking for clarification on UHG's loan repayment process.

As previously reported, Change Healthcare suffered a record-breaking 193-million-record data breach in 2024 after a cyberattack that disrupted the U.S. healthcare system for weeks.

"Payment delays that resulted from the February 2024 ransomware attack against United subsidiary Change Healthcare caused -- and continue to cause -- significant financial hardships for health care providers," Wyden and Warren wrote in a letter dated Aug. 27, 2025.

"These providers need time and flexibility to recover from tens of millions in unexpected costs that resulted from delayed reimbursements due to the Change breach."

During the cyberattack, Optum Financial Services launched a temporary funding assistance program to help organizations manage short-term cash flow needs as the cyberattack continued to disrupt claims processing.

"Once standard payment operations resume, the funds will simply need to be repaid," Optum explained in early March 2024, when it first stood up the loan program. "We have been able to estimate your average weekly payments, which will be the basis for the support. Our plan is to take this week by week with people re-upping for funding each week as needs persist."

Even with the loan program available, physicians reported widespread financial challenges due to the Change Healthcare cyberattack. More than 75% of April 2024 American Medical Association survey respondents reported losing revenue from unpaid claims, and more than half said they had to use personal funds to cover their practice's expenses.

Wyden and Warren asked UHG for answers on its allegedly aggressive loan repayment strategies, citing reports that UHG had withheld payment for health insurance claims through its insurance subsidiary, UnitedHealthcare.

"One health care provider compared Optum's collections processes to those of predatory 'loan shark' tactics," the letter stated. "These reports are particularly troubling because they underscore the extraordinary market power of United's massive, vertically-integrated conglomerate: the problem was caused by a breach of United's payment clearinghouse, Change; the loans were offered by United's industrial bank, Optum Financial; and now the company is using its insurance arm as a collection tool."

Alleged offenses by UHG mentioned in the letter include refusal to negotiate payment plans and garnishment of reimbursements.

"As the largest commercial health insurance provider in the country, United has a unique responsibility to help health care providers navigate realistic and tailored repayment options to address the problems caused by its breach," the letter continued.

The senators provided the UHG and Optum CEOs with a list of questions to answer. The questions include a request for data indicating the total number of loans lent to providers from March 2024 until now and seek details on the process that Optum Financial used to distribute funds and establish its repayment process.

Wyden and Warner requested responses to these questions no later than Sept. 12, 2025.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.