In the aftermath of a cyberattack on Change Healthcare, a critical subsidiary of UnitedHealth Group, patients across the country are grappling with the consequences, now extending into the third week. The attack, detected on February 21, has disrupted essential systems used for medical billing and insurance claims, resulting in a cascade of challenges for pharmacies, doctors’ offices, and, most critically, patients.
Change Healthcare, responsible for 15 billion transactions annually, totaling $1.5 trillion in health claims, reported that the hack affected 21 parts of its business. This includes key functions such as processing payments, reimbursing insurers, and determining patients’ insurance eligibility. Dr. Jesse Ehrenfeld, the president of the American Medical Association, emphasized the widespread implications, affecting routine medications, rebate programs, and even clearance for elective surgeries.
UnitedHealth Group swiftly took action to disconnect Change Healthcare’s systems to prevent further impact, leaving services offline until safety can be assured. However, the disruption has had severe consequences, particularly in areas such as copay assistance and coupon card processing at pharmacies. Laura Lester, owner of Marion Family Pharmacy in Virginia, highlighted the impact on patients unable to afford medications without copay assistance, ranging from diabetes medicines to antipsychotics and ADHD medications.
Patients relying on copay assistance faced additional challenges. Donna Hamlet, a breast cancer patient in Florida, shared her ordeal of being unable to refill her $16,000 monthly medication due to the cyberattack. The potential consequences of not obtaining the medication were dire for Hamlet, emphasizing the life-and-death stakes involved.
The repercussions also extend to medical practices, with billing delays affecting charges worth millions. Nathan Walcker, CEO of a Florida institute treating cancer patients, expressed concerns about prior authorizations being stalled, critical for treatments costing up to $100,000 per course. The Centers for Medicare and Medicaid Services have urged programs to ease prior authorizations during the outage and consider advance funding for healthcare providers.
UnitedHealth Group reported that around 90% of claims were flowing uninterrupted as of Tuesday, with temporary fixes and systems gradually coming back online. The company encourages healthcare providers to switch to an Optum system for faster claims processing and payments. However, concerns arise as providers find temporary loans offered by Optum insufficient to cover their needs during the revenue halt.
The hack has exposed vulnerabilities in the healthcare sector, raising questions about cybersecurity standards. Dr. Mayank Amin, owner of Skippack Pharmacy in Pennsylvania, questioned the delay in finding a solution for small pharmacy owners, emphasizing the need for systemic improvements.
While Change Healthcare identified the perpetrator as “ALPHV/Blackcat,” experts point to a potential ransom payment of over $22 million made by UnitedHealth, further raising cybersecurity concerns. Eric Noonan, CEO of CyberSheath, emphasized the need for mandatory minimum cybersecurity standards across critical infrastructure sectors, including healthcare.
As patients continue to grapple with the fallout, the incident underscores the broader vulnerabilities in the healthcare system, necessitating a collective effort to strengthen cybersecurity measures and ensure the uninterrupted delivery of essential healthcare services.