August 28,2025

Wyden and Warren Press UnitedHealth for Answers on Abusive Tactics to Recoup Loans to Doctors After Mass Cyberattack

Following Pledges to Make Doctors Whole After Change Healthcare Cyberattack, UnitedHealth has Deployed Aggressive Tactics

Text of the Letter (PDF)

Washington, D.C. – Senate Finance Committee Ranking Member Ron Wyden, D-Ore., and Senate Banking Committee Ranking Member Elizabeth Warren, D-Mass., pressed UnitedHealth Group (United) on using abusive tactics to force doctors to quickly repay all loans after last year’s cyberattack destabilized the U.S. health care system.

United’s financial service arm lent loans to providers who became financially stranded in light of the cyberattack that forced the company to pull down online payment and processing systems. Multiple reports have surfaced indicating Optum Financial used predatory tactics to demand its money back, including threatening to withhold paying for doctors’ health insurance claims if they do not pay in full immediately.

“These reports are particularly troubling because they underscore the extraordinary market power of United’s massive, vertically-integrated conglomerate: the problem was caused by a breach of United’s payment clearinghouse, Change; the loans were offered by United’s industrial bank, Optum Financial; and now the company is using its insurance arm as a collection tool,” wrote the senators to United Chief Executive Officer Stephen J. Hemsley and Optum Chief Executive Officer Dhivya Suryadevara. 

Since millions of dollars in insurance payments were delayed, doctors and patients were forced to cover vaccinations, treatments, medications, among other expensive health care costs. As a result of the cyberattack, doctors have continued to struggle to financially get back up on their feet. Wyden and Warren emphasized that doctors need time and flexibility to recover tens of millions of dollars in unexpected costs from delayed reimbursements.

“As the largest commercial health insurance provider in the country, United has a unique responsibility to help health care providers navigate realistic and tailored repayment options to address the problems caused by its breach,” the senators continued.

Despite United informing the Senate Finance Committee and the Senate Banking, Housing and Urban Affairs that it sent providers several notices requiring payment within a 45-day period, the company did not give details about how it would establish an agreed upon plan for providers to fully repay their loans within a short window.

To understand United’s loan repayment process, the senators demanded answers to the following questions no later than September 12, 2025:

  1. Provide data indicating the total number of loans lent to providers from March 2024 to present.

  2. Provide documents detailing the process and criteria that Optum Financial used to distribute funds to providers who were adversely impacted by the February 2024 attack.

  3. Provide documents detailing Optum Financial’s repayment process.

  4. Provide a copy of any and all written agreements that were given to providers when they accepted funds.

  5. Provide any and all copies of express repayment plans that Optum Financial offers to health care providers who accepted funds.

  6. Provide documents detailing redress options that Optum Financial makes available to providers who are unable to repay funds within 45 days of initial notification.

  7. Does Optum Financial plan to outsource collection efforts to a third-party?

  8. Provide documents related to any intercompany loans that were made to Optum Financial, if applicable.

  9. Did United Health or Optum Financial solicit or use third-party financing for the purposes of making either loans to providers or intercompany loans? If yes, provide details.

In August, Wyden and Warren launched an investigation of United’s cost reduction tactics in nursing homes, after reports that these business practices have resulted in harm to seniors and people with disabilities. In June 2024, Wyden urged the Biden administration in a letter to investigate United’s negligent cybersecurity. During that same month, Wyden urged the Department of Health and Human Services (HHS) to immediately require cybersecurity defenses for large health care companies.

The full letter can be found here.

###