A Year After Healthcare's Largest Cyber-Attack, Why Don't We Care?

One employee, one email, and one click. That's all it took to launch the largest healthcare system breach in U.S. history, paralyzing a $4.9 trillion market overnight. But this story isn't just about a cyber-attack; it's about an industry that has forgotten who it serves.

When Change Healthcare—a UnitedHealth Group subsidiary that processes 15 billion healthcare transactions annually—was breached on February 21, 2024, the response was silence. Nearly a year later, as providers nationwide still struggle to get paid for care they delivered during the attack, UnitedHealth Group celebrates billions in profits. They also finally admitted that 190 million Americans' personal information was compromised—double what was initially claimed. That means one in every two Americans now has their medical history, diagnoses, and financial records exposed.

I've spent decades in banking technology and witnessed firsthand what true leadership looks like in a crisis. In 2008, during the financial meltdown, leaders stepped forward to drive real reform. I was at the front lines—helping European banks navigate the debt crisis. I learned two crucial lessons. First, staying silent when you see problems makes you complicit in the system. Second, real leaders make tough decisions that hurt profits when it's the right thing to do for customers and the country.

Healthcare payments are critical infrastructure by any measure. They represent nearly 20% of U.S. GDP and 5% of global GDP. They're vital to our national security and economic well-being, impacting millions of jobs and the delivery of essential care to every American. Just as we wouldn't accept a single point of failure in our power grid or banking system, we can't accept it in healthcare payments. Yet a single point of failure—one company's breach—brought the entire system to its knees.

Three immediate changes are needed. First, we need a full accounting of this breach's true impact—how many diagnoses were lost, how many providers faced bankruptcy, what was the real economic damage? Second, we need transparent risk management processes and infrastructure investment requirements for companies handling healthcare payments. Third, we need accountability measures that match the responsibility of managing critical infrastructure.

Over the past year, I've met with lawmakers from both parties, sharing what banking reform and fintech innovation taught me about fixing broken industries. When I explain how banking reformed itself through multiple crises - implementing real-time payments, rebuilding public trust, and eliminating predatory practices - lawmakers from both parties lean in. The parallels are clear. The healthcare giants have built their business models around deliberately delaying payments, profiting for months from interest on money they owe to doctors and hospitals for care already provided. Congress is finally asking why we allow this to continue.

The large insurers that dominate our system will tell you healthcare is too complicated to change—just as banking and credit cards once did until the public demanded fairness and efficiency.

The truth is nobody feels they have any say in healthcare. Zero. Not patients. Not doctors. Not even the employers paying the bills. We feel powerless about which doctors we can see, what care we can get, whether prices are fair. But here's what banking taught me: change happens when people finally find their voice, demand better and refuse to accept excuses.

One year after the largest breach in healthcare history, UnitedHealth Group wants us to move on. But the crisis has spoken for itself—it's time for us to raise our voices, hold our leaders accountable, and build a healthcare system that works for everyone. When industry executives earn annual salaries in the tens of millions, they must also shoulder accountability for protecting the public interest. Healthcare payments aren't just transactions—they are critical infrastructure, the backbone of a system that should serve people, not profit margins.

About Boe

Boe Hartman is the Co-founder and CTO of Nomi Health, where he leads the company's mission to reduce healthcare costs through real-time payment innovations. Prior to Nomi Health, he helped build Apple Card and Marcus at Goldman Sachs and served as CIO at Barclays Card International.