[ad_1]
Change Healthcare is a giant in the healthcare world, processing 15 billion claims totaling more than $1.5 trillion annually, according to the company. says. It operates the industry’s largest electronic “clearinghouse,” acting as a conduit connecting healthcare providers with insurance companies that pay for their services and determine what patients owe. It supported tens of thousands of doctors, dentists, pharmacies and hospitals, handling 50 percent of all medical claims in the United States, the Justice Department wrote in a 2022 report. lawsuit who tried unsuccessfully to prevent UnitedHealth from acquiring the company.
Citing internal company documents, prosecutors wrote that Change had concluded that “the healthcare system … would not function without Change Healthcare.”
The hackers, a ransomware gang once thought to have been crippled by law enforcement, stole patient data, encrypted company files and demanded money to unlock them. The company shut down most of its network in February as it tries to recover.
Quantifying impact remains a moving target, and the severity depends on how much organizations relied on the change. But three senior officials at the Department of Health and Human Services described it as serious.
Adding to the urgency was the Senate majority leader, Charles E. Schumer, who sent a letter to the Centers for Medicare and Medicaid Services on Friday, asking them to make accelerated payments to hospitals, pharmacies and other providers that have been affected by the outage. Patients can’t get information about whether insurance will cover a treatment, while hospitals struggle to bill patients and receive payments, the New York Democrat wrote.
“Delayed payments are costing hospitals across America millions for every week this continues, and people are even struggling to get prescriptions filled at their local pharmacy,” Schumer said in a statement Sunday. “That’s why I’m calling on CMS to use their authority to cut through red tape and provide accelerated, advance payments to affected healthcare providers just as they did during Covid.”
“We recognize the impact this attack has had on healthcare operations,” an HHS spokesperson told the Washington Post, adding that the agency is working with UnitedHealth to avoid disruptions to patient care. The incident underscores the “urgency of strengthening cybersecurity resilience across the ecosystem,” the spokesperson said.
Molly Smith, vice president of the American Hospital Association’s public policy group, said Sunday that so far, “Our assessment is that this is the most significant attack on the health care system in American history.”
At one point, Smith said, the association heard of hospitals not discharging certain patients because they couldn’t get their medications. Much of that disruption is being addressed as health care providers resort to manually submitting claims, he added.
Optum, a health services company that is also owned by UnitedHealth, said it has established a temporary assistance program to extend cash to organizations whose payment systems have been affected – short-term loans that should be repaid once Change is back up and running. A senior HHS official said the agency is working with UnitedHealth to ensure the program is effective.
A UnitedHealth spokesperson said it had no update Sunday, but noted it has hired consultants and is working with authorities. Since the hack, UnitedHealth has said which has adopted “multiple solutions to ensure people have access to the medicines and care they need.”
Simply switching from Change to another supplier is sometimes complex, according to industry officials and pharmacists, due to contractual agreements and technical reasons. In addition to submitting claims to insurance companies, Change also deletes claim information to ensure codes and other details are correct. While some rival vendors have created some alternatives, Smith said, they don’t have the same cleanup functionality that Change provides and many vendors are getting a lot of pushback.
“We have very, very imperfect solutions right now, which means cash flow problems persist,” he said.
José Arrieta, former HHS chief information officer, said the cyberattack was one of the most serious in the healthcare sector in recent years, based on previous breaches.
“The size of the attack does not matter. What matters is the impact,” Arrieta said. “And when you have the means to target a Fortune 5 company…everyone in the United States, no matter what sector they work in, should take this as a warning.”
At his solo practice in southern New Jersey, Craig Wax said his billing is “upside down, upside down and on fire.” The doctor sees patients of all ages and accepts multiple types of insurance, depending on a small billing company that uses a software provider dependent on Change’s platform.
“We’re going to go paperless” – submitting claims on paper forms – “and expect insurance companies to respond to paper claims,” he said.
Some of the most persistent critics of the U.S. healthcare system, such as the Association of American Physicians and Surgeons, which opposes programs like Medicare, the federal government’s health insurance program for older Americans, point to Change’s hack Healthcare as another reason to be skeptical. of the current payment model.
The group’s chief executive, Jane Orient, said the incident “shows the catastrophe that can result from reliance on centralized networks and third-party payments.”
Medium and large hospital systems across the country were affected to varying degrees by the cyberattack, hospital groups say.
The Minnesota Hospital Association said some of its members’ billing systems have been paralyzed, unable to process claims and receive reimbursements. The Change Healthcare hack follows another local cyberattack that hit a radiology practice in Minnesota.
“There is growing concern about the prolonged impact on patient care and operational stability,” the association said in an email. “This places a significant burden on the financial sustainability of the healthcare system.”
In an update to its members that was scheduled to be released Monday, the association representing Massachusetts hospitals said many of its members were logged off from all Change Healthcare systems after learning of the hack.
Hospitals were struggling to establish alternative payment pathways with the state’s insurance companies, the association said. “It’s another layer of financial hardship on a system that is already struggling to stay afloat,” Karen Granoff, senior director of managed care policy at the Massachusetts Hospital Association, said in the update.
At the University Hospital of Cleveland system, the outage hampered patients’ ability to fill prescriptions at retail and specialty pharmacies, although the hospital system’s in-house pharmacies were not affected, a spokesperson said in an emailed statement.
Meanwhile, in Florida, hundreds of millions of dollars in weekly billing have dried up and damages could soon reach $1 billion, according to Mary C. Mayhew, president and CEO of the Florida Hospital Association.
“These hospitals built their operations around daily payments for the care they provide, and that has stopped abruptly, and we are now on day 11 since the attack,” he said.
UnitedHealth’s lack of substantive information has made the situation worse, he added, noting that moving to manual claims submission or finding another clearinghouse are not acceptable solutions. The latter could take 90 days, according to one of its member hospitals, he said.
And while larger systems can weather the crisis by tapping into reserves, Mayhew warned that most community hospitals are finding themselves the victims of an attack on a commercial entity. that created vulnerabilities through its dominance in the market.
“If you are a small or medium-sized hospital that is already facing a very small margin and a difficult cash flow situation, this is disastrous,” he said.