Major Cyberattack on Health-Care Company Inflicts Widespread Damage on U.S. Hospitals and Patients
In a shocking turn of events, a major cyberattack on Change Healthcare, a pivotal health-care company owned by UnitedHealth Group, has caused widespread damage to hospitals, doctor offices, pharmacies, and millions of patients across the United States. Government and industry officials are calling it one of the most serious attacks on the health-care system in U.S. history.
Change Healthcare is a powerhouse in the health-care world, processing a staggering 15 billion claims totaling over $1.5 trillion annually. The company operates the largest electronic “clearinghouse” in the business, connecting health-care providers with insurance companies for payment purposes. It supports tens of thousands of physicians, dentists, pharmacies, and hospitals, handling 50 percent of all medical claims in the United States.
The cyberattack, carried out by a ransomware gang that was previously thought to have been crippled by law enforcement, resulted in the theft of patient data, encryption of company files, and a demand for money to unlock them. As a result, Change Healthcare had to shut down most of its network in February in an attempt to recover.
The impact of the attack is still being quantified, but it has affected many health-care organizations that rely on Change Healthcare’s systems to transmit patients’ health-care claims and receive payment. While the outage does not directly affect critical patient care systems, it has exposed a vulnerability that spans the entire U.S. health-care system. Patients are now facing difficulties in paying for their medications at pharmacies, and some organizations heavily reliant on Change’s platform are at risk of financial instability.
The severity of the impact varies depending on how much organizations relied on Change Healthcare. However, three senior officials at the Department of Health and Human Services have described it as a serious situation. Senate Majority Leader Charles E. Schumer has also expressed his concern and has urged the Centers for Medicare and Medicaid Services to make accelerated payments to impacted health care providers to alleviate the financial strain.
Molly Smith, group vice president for public policy at the American Hospital Association, has stated that this cyberattack is the most significant attack on the health-care system in U.S. history. Initially, hospitals faced challenges in discharging certain patients because they couldn’t get their medications filled. However, many of these disruptions have been resolved as health-care providers resort to manual claims submission.
In response to the attack, Optum, a health-services company also owned by UnitedHealth, has established a temporary assistance program to provide cash to organizations affected by the payment system outage. The Department of Health and Human Services is working closely with UnitedHealth to ensure the effectiveness of this program.
Switching from Change Healthcare to another vendor is not a straightforward process due to contractual agreements and technical reasons. While some rival vendors have created alternative solutions, they lack the same cleanup function that Change provides, resulting in many providers experiencing claim rejections.
The cyberattack on Change Healthcare is a wake-up call for the entire nation. Jose Arrieta, former chief information officer of HHS, emphasizes that the impact of an attack should be the primary concern rather than the size of the attack itself. He warns that everyone should take this incident as a warning, regardless of the sector they work in.
The consequences of the attack are far-reaching, with doctors like Craig Wax in southern New Jersey struggling with billing issues. Wax’s billing company relies on a software provider dependent on Change’s platform, forcing him to resort to submitting claims on paper forms. Critics of the U.S. health system, such as the Association of American Physicians and Surgeons, point to this incident as evidence of the risks associated with centralized networks and third-party payment systems.
Midsize to large hospital systems across the country have been affected by the cyberattack. The Minnesota Hospital Association reports that some of its members’ billing systems have been hamstrung, unable to process claims and receive reimbursement. The Massachusetts Hospital Association highlights the financial burden placed on hospitals as they disconnect from all of Change Healthcare’s systems. The University Hospital system in Cleveland experienced difficulties in patients’ ability to obtain prescription medications from retail and specialty pharmacies.
In Florida, the damage caused by the cyberattack could soon reach $1 billion, with hundreds of millions of dollars in weekly billings drying up. Mary C. Mayhew, president and CEO of the Florida Hospital Association, expresses frustration over the lack of substantial information from UnitedHealth, making the situation even worse for hospitals. Small and medium-sized hospitals, already dealing with tight margins and challenging cash flow situations, are particularly vulnerable.
The cyberattack on Change Healthcare has exposed vulnerabilities in the U.S. health-care system and has caused significant disruptions to hospitals, doctor offices, pharmacies, and patients across the nation. The severity of the impact is still being assessed, but it is clear that immediate action is needed to strengthen cybersecurity resiliency in the health-care ecosystem. The incident serves as a stark reminder
