Change Healthcare cybersecurity attack: What does this mean for my practice?

On February 21, 2024, a ransomware attack on Change Healthcare impacted healthcare organizations across the United States. Change Healthcare connects with 1 in every 3 patient records in the US. By processing 15 billion electronic healthcare transactions a year, Change Healthcare is one of the largest clearinghouses in the industry. 

The American Hospital Association has stated that the attack against Change Healthcare is “the most serious incident of its kind leveled against a U.S. healthcare organization.” 

The industry impact of this cyberattack has far-reaching consequences — affecting an estimated 800,000 physicians, 117,000 dentists, 60,000 pharmacies, 5,500 hospitals, and nearly all government and commercial players. 

Keeping up with this situation can help healthcare businesses mitigate consequences and financial setbacks and safeguard patients from detrimental care disruptions. This overview will bring you up to date on the Change Healthcare cyberattack.

Change Healthcare is a subsidiary of Optum healthcare technology company.

Providing a range of digital services, Change Healthcare handles patient records sharing, revenue cycle management, insurance verification, and Rx processing. On February 21, 2024, a hacker group known as Alphv/BlackCat carried out a ransomware attack on Change Healthcare, which caused an immediate shutdown of all their systems. 

Once aware of the attack, Optum’s parent company, United Healthcare Group (UHG), fully disconnected Change Healthcare; the attack appears to be confined to Change Healthcare without affecting other UHG entities. Change Healthcare has involved government and third-party security agencies to assist in remediation.

The impact of this shutdown is believed to be affecting over $100 million in provider reimbursement daily, with possible provider impacts including: 

As of March 6, 2024, Change Healthcare continues to experience an interruption in service to some eligibility checks, claim submissions, clearinghouse reports, and electronic remittance (ERA) processing.

Next, let’s explore exactly what ransomware attacks involve and who they impact in this particular case. 

Ransomware is a type of malicious software (malware) designed to block access to a computer system or files until a sum of money, or ransom, is paid. It typically encrypts the victim's files, making them inaccessible, and then demands payment in exchange for the decryption key. Ransomware attacks can target individuals, businesses, or even entire organizations.

Public reports state that the Change Healthcare attack caused extensive service disruptions. So far, no reports suggest that patient data has been compromised. However, before taking down their website, Alphv/BlackCat claimed to have stolen 6TB of data in the Change Healthcare attack.

The Change Healthcare cyberattack impacts hospitals, medical billing companies, practices, providers, and patients. The service disruptions affecting patients include eligibility verification and prescription processing, potentially causing medication interruptions or delayed care. 

Business operations for providers, practices, and billing entities, such as claims, billing, revenue cycle management, and payments, are also impacted. 

The Change Healthcare ransomware attack has had a profound effect on impacted practices and medical billing companies. 

Handling a backlog of prescriptions, billing, and insurance claims may cause a burden for administrative teams and increase operational costs. Operational disruptions can cause reimbursement delays and interfere with cash flow. 

Your practice will be concerned about how the service disruptions could compromise care quality and patient experience. 

Let’s turn to the specific concerns of the Change Healthcare ransomware attack.

Medical practices are experiencing significant revenue impacts following the recent cyberattack. 

Smaller providers are facing cash shortages, while larger hospital chains are unable to process payments, forcing some to absorb upfront costs. This disruption in payment processing has resulted in overdue payments owed to medical practices, with the full extent of the financial fallout still unfolding. 

The American Hospital Association has recommended that healthcare organizations using the affected system disconnect from Optum, the United subsidiary operating the Change platform. 

Phil Seubring, legal director at Forensic Fluids, a Michigan lab that conducts drug testing for doctors' offices, says, "We are 100 percent down when it comes to billing right now.” 

Jenna Wolfson, a Felton, California-based clinical social worker who provides therapy to about 30 clients a week, comments, "I'm not getting paid."

Jenna currently has around $4,000 in claims in limbo.  

"This could be catastrophic for me and other small business mental health practitioners," Wolfson says. 

Tebra recommends that if your practice is directly linked to Change Healthcare, try and hold onto claims a little longer if possible. You can also communicate directly with payers that pass through Change to mitigate issues. For example, the payer may agree to a temporary flexibility or exceptions based on the needs of your practice.

It’s important to pay attention to the timely filing limits, stay in touch with your payer, and understand your exception policy. Check the payments list and see if you can resubmit based on re-enabled connections. Try to avoid paper-based claims, as this can cause delays. If your exception policy does not provide any reprieve, and if you need to, carry out direct data entry (DDE). 

Optum has a temporary funding assistance program to help providers whose payments from payers are impacted. Once normal payment operations resume, the funds will simply need to be repaid. No fees. No interest. No other associated costs. This program is for those whose payment distribution has been impacted; not for providers who have had claims submission disruptions.

The cyberattack on Change Healthcare isn't just causing delays in filling prescriptions. It's also having a wider impact on healthcare delivery in several ways.

Firstly, some practices are struggling to verify insurance eligibility for new patients. This means they might be unable to schedule appointments or accept new patients until the issue is resolved.

Secondly, submitting requests for prior authorization, which are often needed for certain treatments or medications, is also facing delays due to the outage. This can cause complications and hold-ups in patients receiving necessary care.

Furthermore, pharmacies are encountering difficulties accessing accurate insurance information. This can lead to unreliable estimates for patients’ prescriptions, potentially creating confusion and unexpected financial burdens.

The United Health Group comments, “We’ve made progress in providing workarounds and temporary solutions to bring systems back online in pharmacy, claims, and payments. We continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action.”

If your practice deals directly with Change Healthcare for Rx services, a new version of their ePrescribing system was made available on March 1, 2024. 

e-Prescribe is available for pharmacies to receive electronic payments. So far, Change Healthcare has processed more than 3 million transactions, with volume increasing daily as more system vendors reconnect. 

As a result of workarounds and systems coming back online, pharmacy claims are flowing at near-normal levels. While some pharmacies are still unable to submit claims, progress is being made toward full restoration.   

Jeremy Nordquist, President of the Nebraska Hospital Association (NHA), explains, “the cyberattack on Change Healthcare is impacting the operations of most Nebraska hospitals.”

Hospital procedures impacted by this cyberattack include:

Unfortunately, the Change Healthcare ransomware attack has resulted in scammers targeting Nebraska patients.

Bryan Health has received multiple reports of scammers reaching out to patients claiming to be representatives from hospitals across Nebraska and surrounding areas. Scammers are reportedly telling patients they’re entitled to a full refund if they provide them with a credit card number.

Bryan Health emphasizes that they will never ask for a credit card number over the phone to initiate a refund of payment. If you have any questions or receive a suspicious call, contact them at (877) 577-9277.

The precise impact on your practice depends on multiple factors, such as whether you work directly with Change Healthcare or how many of your payers and other partnerships rely on the Change Healthcare system.

On March 5, 2024, the US Department of Health and Human Services (HHS) released a statement announcing flexibilities for Medicare providers designed to ensure continuing care delivery. These include expedited claims processing, relaxing of prior authorization, exceptions, waivers, and extensions.  

In the statement, the HHS said that the Change Healthcare attack “is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity resilience across the ecosystem.” 

Existing government initiatives are already dedicated to strengthening resilience against cyberattacks, and the Change Healthcare incident should prompt a further intensification of these efforts.

This incident serves as a wake-up call for the entire healthcare industry — cyberattacks can have devastating consequences.

To protect essential data, both practices and billing companies should review their own security protocols. Investments of time, labor, and staff training will be worth the effort towards preventing future attacks of this nature. 

The attack on Change Healthcare, a key player in healthcare data exchange, demonstrates the far-reaching consequences of cyberattacks in the healthcare industry.

While the attack caused significant disruption, Change Healthcare's swift action in disconnecting their systems to prevent further damage is a valuable lesson. This highlights the importance of having a well-defined response plan and taking immediate action to mitigate the impact of cyberattacks.

This attack highlights the vulnerability of the healthcare industry to cyberattacks due to the sensitive nature of patient data and the interconnectedness of systems. It emphasizes the need for increased investment in cybersecurity measures across the industry.

The attack caused significant financial losses for healthcare providers due to delayed payments and disruptions in billing and claims processing. Financial contingency plans are essential to manage the financial impact of such events.

The attack also created opportunities for scammers to target patients with fraudulent calls and requests for personal information. Patients must be vigilant and aware of such scams, and healthcare providers must educate patients about cybersecurity best practices.

The involvement of government agencies, third-party security companies, and industry stakeholders in the response to the attack highlights the importance of collaboration in addressing cyber threats.

The HHS's announcement of flexibilities for Medicare providers demonstrates the need for the healthcare system to be adaptable and responsive in the face of unforeseen challenges.

As of March 5, 2024, the Change Healthcare cyberattack is ongoing. Look for updates on The Intake as the situation continues to develop.

Additional support for your practice: