The Cyberattack Shaking Healthcare to Its Core

The Cyberattack Shaking Healthcare to its Core

By now, you may have heard of or read something about the brutal cyberattack that hit UnitedHealth Group (UHG) subsidiary Change Healthcare. The scope of the breach was massive, and is said to have affected, or outright disrupted, every major facet of the healthcare industry.

So, what happened? What was the government asked to do to help? What does the fallout look like? And what actions has the government actually taken? Here is the Cliffs Notes version.

Change Healthcare, which connects hospitals and pharmacies with insurers, has had most of its systems offline since a Feb. 21 data breach, impeding claims and prescription processing nationwide. UHG has stated that systems will remain down until a later date in March.

According to the American Hospital Association (AHA), this is the most significant and consequential incident of its kind to impact the U.S. healthcare system in history. The AHA noted that Change Healthcare processes 15 billion healthcare transactions annually, and touches one in every three patient records.

The outage has widely affected billing, eligibility checks, prior authorization requests, and prescription fulfillment, and could spur greater emphasis on enhancing protocolsand greater oversight from the federal government.

In the wake of the attack, the feds have become involved.

First, the Centers for Medicare & Medicaid Services (CMS) issued a statement on the attack and guidance to Medicare Advantage (MA) and Part D sponsors to continue providing access to benefits by removing certain requirements – and to offer advanced funding, in some cases. CMS said it is in “communication with UHG” and “meeting with private health plans.”

Senators asked CMS itself to make accelerated and/or advanced payments available to affected providers and to streamline claims processing as well as payments.

The White House’s National Security Council has been asked to look into financial relief for hospitals, using funds from the U.S. Department of Health and Human Services (HHS) and Department of Veterans Affairs (VA).

HHS has been asked to help guarantee flexibility regarding timely filing requirements of claims, to extend timelines for appeals, and to reevaluate what counts as “critical infrastructure,” which would afford healthcare organizations more federal data breach protections.

However, none of these were able to stop or mitigate the staggering fallout from the breach.

Reports suggest that the cyberattack has impacted many insurers’ ability to track medical expenses. At the same time, insurers are observing a significant reduction in claims data following the breach, while UHG is contending with threats of litigation from patients: at least six cases seeking class-action status have been filed since the cyberattack, alleging that Change didn’t have reasonable cybersecurity measures in place.

Providers nationwide have been dealing with service delays, coping with an inability to receive and finalize reimbursements or check insurance eligibility, and hemorrhaging money.

Following all of this, CMS announced new flexibilities and relief efforts for physicians and other providers and suppliers. In particular, they made applications available for accelerated payments for Medicare Part A and B providers, directed Medicare Administrative Contractors (MACs) to expedite actions needed for providers and suppliers to change clearinghouses, urged Medicaid managed care plans to make prospective payments, and provided public information on how to submit requests for accelerated or advance payments.

While it’s still unknown how helpful these federal actions will be, we do know they are a far cry from fixing the underlying problem. The damage from the Change Healthcare data breach is extensive, and so too will be the effort to pick up the pieces.

More generally, it demonstrates how complex, interconnected, and fragile the healthcare ecosystem is. As such, the response could serve as a model for how future cyberattacks on healthcare organizations are handled – and approaches to help prevent them.

Stay vigilant, because government needs all the help it can get.

Print Friendly, PDF & Email
Facebook
Twitter
LinkedIn

Adam Brenman

Adam Brenman is a Federal Legislative Analyst at Zelis Healthcare. He previously served as Manager of Public Policy at WellCare Health Plans, where he led an analyst team in review, analysis, and development of advocacy materials related to state and federal legislation/regulatory guidance. He holds a master’s degree in Public Policy & Administration from Northwestern University and has also worked as a government affairs rep/lobbyist for a national healthcare provider association.

Related Stories

Leave a Reply

Please log in to your account to comment on this article.

Featured Webcasts

Navigating AI in Healthcare Revenue Cycle: Maximizing Efficiency, Minimizing Risks

Navigating AI in Healthcare Revenue Cycle: Maximizing Efficiency, Minimizing Risks

Michelle Wieczorek explores challenges, strategies, and best practices to AI implementation and ongoing monitoring in the middle revenue cycle through real-world use cases. She addresses critical issues such as the validation of AI algorithms, the importance of human validation in machine learning, and the delineation of responsibilities between buyers and vendors.

May 21, 2024
Leveraging the CERT: A New Coding and Billing Risk Assessment Plan

Leveraging the CERT: A New Coding and Billing Risk Assessment Plan

Frank Cohen shows you how to leverage the Comprehensive Error Rate Testing Program (CERT) to create your own internal coding and billing risk assessment plan, including granular identification of risk areas and prioritizing audit tasks and functions resulting in decreased claim submission errors, reduced risk of audit-related damages, and a smoother, more efficient reimbursement process from Medicare.

April 9, 2024
2024 Observation Services Billing: How to Get It Right

2024 Observation Services Billing: How to Get It Right

Dr. Ronald Hirsch presents an essential “A to Z” review of Observation, including proper use for Medicare, Medicare Advantage, and commercial payers. He addresses the correct use of Observation in medical patients and surgical patients, and how to deal with the billing of unnecessary Observation services, professional fee billing, and more.

March 21, 2024
Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets

Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets

Explore the top-10 federal audit targets for 2024 in our webcast, “Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets,” featuring Certified Compliance Officer Michael G. Calahan, PA, MBA. Gain insights and best practices to proactively address risks, enhance compliance, and ensure financial well-being for your healthcare facility or practice. Join us for a comprehensive guide to successfully navigating the federal audit landscape.

February 22, 2024
2025 IPPS Masterclass Day 3: MS-DRG Shifts and NTAPs

2025 IPPS Masterclass Day 3: MS-DRG Shifts and NTAPs

This third session in the ICD10monitor 2025 IPPS Masterclass will feature a review of FY25 changes to the MS-DRG methodology and new technology add-on payments (NTAPs), presented by senior healthcare consultant Laurie Johnson, with bonus insights and analysis from CDI expert Dr. Erica Remer.

August 15, 2024
2025 IPPS Masterclass Day 2: Master ICD-10-PCS Changes

2025 IPPS Masterclass Day 2: Master ICD-10-PCS Changes

This second session in the ICD10monitor 2025 IPPS Masterclass will feature a review of the FY25 changes to ICD-10-PCS codes, presented by senior healthcare consultant Laurie Johnson, with bonus insights and analysis from CDI expert Dr. Erica Remer.

August 14, 2024
2025 IPPS Masterclass Day 1: Master ICD-10-CM Changes

2025 IPPS Masterclass Day 1: Master ICD-10-CM Changes

This first session in the ICD10monitor 2025 IPPS Masterclass will feature a review of FY25 changes to ICD-10-CM codes and guidelines, SDoH, CCs/MCCs and revisions to the MCE, presented by senior healthcare consultant Laurie Johnson, with bonus insights and analysis from Dr. Erica Remer.

August 13, 2024
2025 IPPS Masterclass: Final Rule Update with Expert Insights and Analysis

2025 IPPS Masterclass: Final Rule Update with Expert Insights and Analysis

Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY25 Inpatient Prospective Payment System (IPPS) Final Rule, including new ICD-10-CM/PCS codes, plus insights, analysis and answers to questions from the country’s most respected subject matter experts.

August 13, 2024

Trending News

Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →

Happy World Health Day! Our exclusive webcast, ‘2024 SDoH Update: Navigating Coding and Screening Assessment,’  is just $99 for a limited time! Use code WorldHealth24 at checkout.

SPRING INTO SAVINGS! Get 21% OFF during our exclusive two-day sale starting 3/21/2024. Use SPRING24 at checkout to claim this offer. Click here to learn more →