Change Healthcare Cyberattack Fallout Continues
Three months on from the catastrophic cyberattack on Change Healthcare, owned by UnitedHealth Group (UHG), the company’s patients continue to experience difficulties and delays.
UHG’s community health centres, which serve 30 million low-income and uninsured patients, are facing both delays to back payments and difficulties relating to operati
ons issues, Reuters reports.
Change Healthcare processes around 50% of all medical claims in the US, for an estimated 900,000 doctors, 33,000 pharmacies, 5,500 hospitals and 600 labs. It also runs other support services like call centres.
A third of US citizens face the threat of having personal data exposed on the dark web following the ransomware attack on the health insurance giant, UHG.
The cyberattack on February 21 this year earlier this year took down the company’s entire network, with hospitals, doctors’ offices, and pharmacies reduced to using phones and faxes to process claims and validate patients’ insurance.
It left hospitals unable to check the insurance benefits of in-patients, and unable to process authorisations for patient procedures and surgeries. Neither were they able to process billing for medical services.
Reuters has since spoken with five community health centres who say they are still reconciling older unpaid medical claims and tracking down missing payments. Three say they lost customers due to various hack-related disruptions.
Healthcare providers still facing UHG cyber breach fallout
"The negative longer-term consequences of this huge reimbursement disruption are worse for providers whose profit margin was slim to begin with," Assistant Professor of Division of Health Policy & Management, Hannah Neprash, at the University of Minnesota Twin Cities told Reuters..
"That is rural hospitals, safety net hospitals, and community health centres, any place that treats large shares of publicly insured patients," Neprash said.
UnitedHealth’s website says restoration of claims services is “underway or partly complete”.
In May, a congressional committee hearing grilled UHG CEO Andrew Witty about the cyberattack. Witty fielded heated questions from Senators on the House Energy and Commerce Committee about the company's failure to prevent the breach and contain its fallout.
Witty described the hack as causing “incredible disruption” across the healthcare system.
As of last month, the company had distributed $6.5 billion in loans to providers. About 34% went to ‘safety net’ hospitals and community health centres.
Although the health centres need more labour hours to cope with the fallout, Reuters reports they may have to cut jobs because of cash flow problems caused by overdue payments from insurers.
With insurance claims backlogged for months, paperwork justifying each payment makes up the bulk of the cyberattack's continued burden for providers, according to Terrence Cunningham, a policy director at the American Hospital Association.
In an April physician survey published by the American Medical Association, 91% of respondents said they needed to commit staff to recoup revenue lost to the hack.
Healthcare cyber security was in the spotlight again recently, after three major London hospitals were hit by a ransomware cyberattack that wreaked havoc across clinical services in the UK's capital.