The U.S. healthcare sector has been reeling in the aftermath of a devastating attack on Change Healthcare, the nation’s largest medical claims clearinghouse. The attack, described by the American Hospital Association as “the most serious incident of its kind” to strike the industry, has had a severe and far-reaching impact, crippling revenue flow for medical providers across the country.
Ransomware Disruption and Investigations
The ransomware group ALPHV, also known as BlackCat, has claimed responsibility for the attack, which forced Change Healthcare to disconnect more than 100 of its systems on February 21st. Since then, the company has been unable to process medical claims through its primary platforms. UnitedHealth Group, the owner of Change Healthcare, is now under investigation by the Department of Health and Human Services (HHS) over its handling of patient data amid the ransomware incident.
Devastation for Healthcare Providers
The fallout from the attack has pushed many healthcare organizations to the brink of closure. Physician-owned medical groups, psychiatry practices, and private practitioners across the U.S. have seen their cash flow dry up, forcing some to furlough staff or dip into their funds to meet payroll. A Pennsylvania care home, the Jefferson Hills Healthcare and Rehabilitation Center, even cited the cyberattack as one of the reasons for shutting its doors.
Ripple Effects Across the Industry
The impact of the Change Healthcare outage has been felt far and wide. Dr. Bryan Turner, a family medicine physician in Salt Lake City, Utah, described the situation as “a disaster,” with his practice considering taking out a loan to cover expenses. In Pennsylvania, the Kane Community Living Centers were informed of Jefferson Hills’ closure and had to transfer 35 patients to their senior centers on short notice.
Change Healthcare has been working diligently to restore its various platforms and services. As of March 7th, the company’s pharmacy services were largely back online, and its electronic funds transfer platform went live on March 15th. The Assurance platform for claims preparation was back online as of March 18th, and as of March 22nd, the company had staged $14 billion in claims, ready for transmission.
The healthcare provider has been collaborating with major technology firms, including Alphabet’s Mandiant and Palo Alto, to provide attestations that its systems are secure and ready for a full resumption of operations. The company has also been working closely with payers and other clearinghouses to ensure there is enough capacity to handle the expected surge in claims.
UnitedHealth’s Response and Emergency Funding
UnitedHealth Group, the owner of Change Healthcare, has expressed a “deep sense of responsibility for recovery” and is working to ensure that healthcare providers can continue to care for their patients and run their practices. The company has launched an emergency funding program, providing interest- and fee-free loans to struggling medical providers. However, some applicants have initially reported that the funds offered were tiny compared to their expenses.
Financial Toll on the Industry
The financial impact of the Change Healthcare cyberattack on the healthcare industry has been staggering. An American Hospital Association (AHA) survey of 1,000 hospitals found that 60% of respondents said the impact on revenue was $1 million or more per day. The Massachusetts Health and Hospital Association estimates the outage is costing the state’s healthcare system around $24.2 million per day.
The federal government has taken several steps to address the crisis. The HHS has launched an investigation into the incident to determine whether hackers breached patient data and if UnitedHealth complied with health privacy laws. Lawmakers, including Senate Majority Leader Chuck Schumer, Senator Maggie Hassan, Senator Mark Warner, and Representative Ruben Gallego, have also become increasingly involved, issuing statements and sending letters to federal agencies.
In response to the crisis, the Centers for Medicare and Medicaid Services (CMS) has said it will accept applications for accelerated payments, similar to a program implemented during the COVID-19 pandemic, on a case-by-case basis. The agency has also stated that prior authorization requirements should be waived for the duration of the outage.
Ongoing Challenges and the Path Forward
As the healthcare industry works to recover from the devastating effects of the Change Healthcare cyberattack, the road ahead remains challenging. With the financial toll estimated to be in the millions of dollars per day for many providers, the long-term impact of this incident is yet to be fully understood. However, the collaborative efforts of healthcare organizations, technology firms, and the federal government suggest a determination to support the industry and ensure the continuity of care for patients across the United States.
