UnitedHealthcare / Change Healthcare Cyber Incident

By admin | 29 May 2024
UnitedHealthcare / Change Healthcare Cyber Incident (post image)

CRS is Here to Help!

CRS is an independent risk and insurance advisor to alternative asset managers, respective
portfolio company assets, and stand-alone commercial companies (from start-up to Fortune 10).
We are guiding clients to navigate challenges arising out of the UnitedHealthcare /
ChangeHealthcare (“CHC”) cyber incident to (a) mitigate negative operational or personnel impact,
and (b) avoid lost revenue or business interruption.

CRS expects the CHC cyber incident to have material impacts on businesses (even those tangentially
involved in the healthcare industry). These impacts include lost income, potential third-party
liability if (Personally Identifiable Information “PII”) and Personal Health Information “PHI”)
have been compromised, reputational harm and even secondary Directors & Officers (D&O) liability
for failure to supervise, manage and breach of fiduciary duty. In turn, we expect insurance
carriers to be inundated with claims, which could lead them to attempt to enforce narrow readings
of respective policies to limit their own exposure to policyholders.

CRS has been through these dynamics in the past and can help you navigate the pitfalls of each
scenario. CRS will guide clients through the nuances of issues arising from the CHC incident, help
determine business strategies, manage negative impact on customer, vendor, or other third-party
contracts, mitigate costs and address shifting business risks that could impact losses and/or
insurance coverage. This is incredibly important, as even small knock-on effects can cause a
slowdown of operations, an inability to conduct business, and a loss of revenue.

  • CRS will opine on enterprise risk and insurance coverage issues; help you devise practical risk
    management processes and controls; and advocate on your behalf with insurance carriers.
  • CRS will drive a focused and tailored review of relevant insurance policies, e.g., Cyber and
    D&O, to identify potential coverage extensions, how best to access and advocate for insurance
    recovery, and to mitigate costs created by opportunistic plaintiffs’ attorneys or unintentional
    missteps by management.
  • A review by CRS will provide visibility, amongst other things into:
    o Whether, on its plain terms, the policy affords coverage for different claims’ scenarios;
    o If coverage is available, the triggers or conditions to coverage which the insured must satisfy,
    and whether a notice of potential loss should be provided to insurers;
    o Potential exclusions of coverage, which could: (a) exclude coverage entirely, or (b) indicate a
    “gray area,” which may be utilized by carriers to leverage a denial of coverage;
    o What documentation/information may need to be maintained to quantify losses; and
    o Expectations on what to watch for as market / government / regulatory developments occur and risks evolve that could impact recovery from insurance.
  • CRS will review your contracts to identify indemnity and insurance issues, e.g., where you
    might be entitled to recovery or hold harmless from counterparties or vice versa.
    CRS is the preeminent risk management advisor, please feel free to reach out.