The year 2024 proved to be a pivotal and tumultuous period for the health insurance industry, defined by the shocking murder of UnitedHealthcare's CEO and the largest cyberattack in the sector's history. Legal and regulatory battles over Medicare Advantage, significant policy shifts, and mounting public frustration with insurers underscored a year of upheaval.
Murder of Brian Thompson
The December murder of UnitedHealthcare CEO Brian Thompson shocked the healthcare industry and highlighted public frustration with health insurers. The alleged gunman, Luigi Mangione, carried out what police described as a targeted attack outside UnitedHealth Group’s 2024 investor conference in New York, leaving behind shell casings inscribed with "deny," "defend," and "depose." The incident also spurred heightened security measures for healthcare executives, and prompted UnitedHealth Group CEO Andrew Witty to call for greater transparency in healthcare coverage decisions.
Medicare Advantage disruptions
The Medicare Advantage annual enrollment period was marked by significant industry changes, including increased government scrutiny, tighter CMS regulations, reduced base payments, and rising healthcare costs. In response to market shifts, MA carriers prioritized their margins over membership by reducing certain benefits and exiting unprofitable markets, while some health systems chose to no longer accept some or all MA plans.
The GLP-1 dilemma
Insurers and self-funded employers made significant changes to their GLP-1 drug coverage policies in 2024, reflecting the financial and operational challenges posed by the high-cost medications. In November, the Biden administration proposed expanding Medicare and Medicaid coverage for weight loss drugs. In May, research from the Blue Cross Blue Shield Association found 58% of patients discontinue GLP-1 use before reaching a clinically meaningful health benefit.
Change Healthcare cyberattack
The February ransomware attack on UnitedHealth subsidiary Change Healthcare was described by the American Hospital Association as "the worst cyberattack in healthcare history" and disrupted one-third of all U.S. healthcare transactions. The ALPHV (BlackCat) ransomware group exploited vulnerabilities to infiltrate systems, leaving Change offline for months and delaying claims processing for thousands of providers. UnitedHealth paid a $22 million ransom to protect sensitive data and distributed over $9 billion in financial assistance, but critics questioned the company's preparedness and response. The attack affected 100 million people and led to a projected $2.87 billion financial impact for UnitedHealth.
Dr. Oz nominated for CMS Administrator
In November, President-elect Donald Trump nominated Mehmet Oz, MD, a television personality and professor emeritus of cardiothoracic surgery at Columbia University, to lead CMS. Dr. Oz has been a major proponent of Medicare Advantage, and has pitched expanding the program to extend coverage to all Americans.
Justice Department investigates, sues UnitedHealth
In February, The Wall Street Journal reported that the Justice Department has opened an antitrust investigation into UnitedHealth Group. Investigator's questions have asked about the relationship between the company's UnitedHealthcare insurance unit and its Optum health-services arm, which owns physician groups along with additional assets. The DOJ is also suing to block Optum's planned $3.3 billion acquisition of home health provider Amedisys on antitrust grounds.
MultiPlan allegations
Major insurers, including UnitedHealth, Aetna and Cigna, made millions from processing fees by using MultiPlan, a data analytics firm, to determine how much to pay providers for out-of-network claims, according to an April investigation from The New York Times. Since then, MultiPlan has been sued by the American Medical Association and several health systems, alleging the data analytics firm is colluding with commercial payers in price-fixing schemes.
New prior authorization rules
A new CMS rule aiming to streamline Medicare Advantage and Part D prior authorizations took effect Jan. 1. It requires that coordinated care plan prior authorization policies may only be used to confirm the presence of diagnoses or other medical criteria and/or ensure that an item or service is medically necessary. The final rule also directs MA plans to adhere to the "two midnight rule" for coverage of inpatient admissions.
Also in January, CMS finalized a rule to streamline the prior authorization process and improve the electronic exchange of health information that it estimates will save $15 billion over 10 years. Beginning primarily in 2026, certain payers will be required to include a specific reason when denying requests, publicly report certain prior authorization metrics and send decisions within 72 hours for urgent requests and seven calendar days for standard requests.
Medicare Advantage star ratings lawsuits
CMS revised Medicare Advantage star ratings for UnitedHealthcare and Centene after a court ruled in UnitedHealthcare's favor regarding disputed methodology involving "secret shopper" phone calls. The recalculations upgraded multiple contracts and restored millions in bonus payments. The case is part of broader legal challenges from insurers like Humana and Elevance Health, which have criticized CMS' rating methods, prompting recalculations that have impacted bonus payments industry-wide. Earlier in 2024, SCAN Health Plan and Elevance Health won similar lawsuits against CMS. SCAN's lawsuit prompted CMS to recalculate star ratings for all MA plans, resulting in over $1 billion in additional payments to health plans nationwide.
ERISA lawsuits
Large employers are facing lawsuits from employees over claims of mismanaging health and pharmaceutical benefits and violating their fiduciary duties under the Employee Retirement Income Security Act. Under the law, plan fiduciaries must act in the best interests of beneficiaries by seeking the lowest reasonable costs for services. Recent amendments, such as the Consolidated Appropriations Act of 2021, have heightened transparency requirements, leaving employers with new tools — and new pressures — to ensure compliance. Notable examples include lawsuits from Owens & Minor, Kraft Heinz, Wells Fargo and Johnson & Johnson.