Business News

Healthcare Hack Spreads Pain to Nation’s Hospitals and Doctors


The fallout from the hack of a little-known but essential healthcare company is inflicting pain on hospitals, doctor’s offices, pharmacies and millions of patients across the country. Government and industry officials call it one of the most serious attacks on health. -system of care in the history of the United States.

February 21 cyber attack on Change Healthcare, owned by UnitedHealth Group, has cut many healthcare organizations off from the systems they rely on to transmit patient healthcare requests and get paid. The ensuing outage does not appear to affect any of the systems that provide direct, critical patient care. But it exposed a vulnerability that affects the entire U.S. healthcare system, frustrating patients unable to pay for their medications at the pharmacy counter and threatening the financial solvency of some organizations that rely heavily on the Change platform.

Change Healthcare is a heavyweight in the healthcare world, processing 15 billion claims totaling more than $1.5 trillion annually, according to the company. said. It operates the industry’s largest electronic “clearinghouse,” acting as a conduit connecting health care providers to insurance companies that pay for their services and determine what patients owe. It supported tens of thousands of doctors, dentists, pharmacies and hospitals, processing 50% of all medical claims in the United States, the Justice Department wrote in a 2022 document. trial who unsuccessfully tried to block UnitedHealth from acquiring the company.

Citing internal company documents, prosecutors wrote that Change concluded that “the healthcare system… would not function without Change Healthcare.”

The hackers, a ransomware gang once thought to be crippled by law enforcement, stole patient data, encrypted company files and demanded money to unlock them. The company shut down most of its network in February to try to recover.

US prescription drug market in disarray following ransomware gang attacks

Quantifying impact remains a moving target, the severity of which depends on the extent to which organizations have leveraged change. But three senior officials at the Department of Health and Human Services described the situation as serious.

Senate Majority Leader Charles E. Schumer added to the urgency, sending a letter Friday to the Centers for Medicare and Medicaid Services, asking them to make expedited payments to hospitals, pharmacies and other providers that were affected by the outage. Patients can’t know whether insurance will cover treatment, while hospitals struggle to bill patients and receive their payments, the New York Democrat wrote.

“Delayed payments are costing America’s hospitals millions for every week this continues, and people are even struggling to get their prescriptions filled at their local pharmacy,” Schumer said in a statement Sunday. “That’s why I’m calling on CMS to use its authority to cut red tape and provide expedited and advanced payments to affected health care providers, as they have done during covid.”

“We recognize the impact this attack has had on health care operations,” an HHS spokesperson told the Washington Post, adding that the agency was working with UnitedHealth to avoid any disruption to patient care. The incident highlights “the urgency of building cybersecurity resilience across the ecosystem,” the spokesperson said.

Molly Smith, vice president of public policy at the American Hospital Association, said Sunday: “Our assessment is that this is the most significant attack on the health care system in the history of UNITED STATES. »

At one point, Smith said, the association heard from hospitals that weren’t discharging some patients because they couldn’t get their medications filled. Much of this disruption is being resolved as healthcare providers resort to manual submission of claims, she added.

Optum, a health services company that is also owned by UnitedHealth, said it has established a temporary assistance program to provide liquidity to organizations whose payment systems have been affected – short-term loans that are expected to be repaid once Change is back up and running. A senior HHS official said the agency is working with UnitedHealth to ensure the program is effective.

A UnitedHealth spokesperson said it had no updates Sunday, but noted it had brought in consultants and was working with law enforcement. Since the hack, UnitedHealth said that it has put in place “multiple workarounds to ensure people have access to the medications and care they need.”

According to industry officials and pharmacists, simply switching from Change to another provider is sometimes complex, due to contractual agreements and technical reasons. In addition to routing claims to insurance companies, Change also cleans claims information to ensure codes and other details are correct. Although some competing providers have created alternatives, Smith said, they don’t have the same cleaning function that Change provides, and many providers receive a lot of rejections.

“We have very, very imperfect workarounds at this point, which means the cash flow problems continue,” she said.

Jose Arrieta, former HHS chief information officer, said the cyberattack was among the most serious in health care in recent years, building on previous breaches.

“The scale of the attack does not matter. What matters is the impact,” Arrieta said. “And when you have the means to target a Fortune 5 business… everyone in the United States, no matter what industry you work in, should take this as a warning.

During his solo training in southern New Jersey, Craig Wax said his presentation was “upside down, upside down and on fire.” The doctor treats patients of all ages and accepts several types of insurance, relying on a small billing company that uses a software provider dependent on the Change platform.

“We’re going to go paperless” — submitting claims on paper forms — “and hope the insurance companies respond to the paper claims,” he said.

Some of the most persistent critics of the American healthcare system, like the Association of American Physicians and Surgeons – which opposes programs such as Medicarethe federal government’s health insurance program for older Americans — cite the Change Healthcare hack as another reason to be skeptical of the current payment model.

The group’s executive director, Jane Orient, said the incident “shows the catastrophe that can result from reliance on centralized networks and third-party payment.”

Mid- to large-sized hospital systems across the country were affected to varying degrees by the cyberattack, according to hospital groups.

The Minnesota Hospital Association said some of its members’ billing systems were crippled, unable to process claims and receive reimbursement. The Change Healthcare hack follows another local cyberattack that hit a radiology practice in Minnesota.

“There is growing concern regarding the prolonged impact on patient care and operational stability,” the association said in an email. “This weighs heavily on the financial viability of the health system.”

In an update to its members to be released Monday, the association representing Massachusetts hospitals said many of its members logged out of all Change Healthcare systems after learning of the hack.

Hospitals were scrambling to set up alternative payment plans with state insurance companies, the association said. “This is yet another layer of financial distress for a system that is already struggling to stay above water,” said Karen Granoff, senior director of managed care policy at the Massachusetts Hospital Association, in the update. up to date.

In Cleveland’s University Hospital system, the outage hampered patients’ ability to obtain prescription medications from retail and specialty pharmacies, although the hospital system’s in-house pharmacies were not affected, a spokesperson said. speak in a press release sent by email.

In Florida, meanwhile, hundreds of millions of dollars in weekly bills have dried up and damage could soon reach $1 billion, according to Mary C. Mayhew, president and CEO of the Florida Hospital Association.

“These hospitals built their operations around paying daily for the care they provide, and that came to a screeching halt – and we are now on day 11 since the attack,” she said.

The lack of substantive information from UnitedHealth has made the situation worse, she added, noting that switching to manual claims submission or finding another clearinghouse are not acceptable solutions. The latter could take 90 days, according to one of its member hospitals, she said.

And while larger systems might be able to weather the crisis by tapping into their reserves, Mayhew warned that most community hospitals find themselves victims of an attack on a commercial entity. which has created vulnerabilities due to its market dominance.

“If you’re a small or medium-sized hospital that’s already facing a very small margin and a difficult cash flow situation, it’s disastrous,” she said.


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button