The ongoing cyberattack on Change Healthcare, a major health-care payment processor, is causing significant financial strain on small private practices and health-care providers, as crucial reimbursement systems have been offline for nine days.
Change Healthcare provides tools for payment and revenue cycle management, facilitating transactions between providers and major insurance companies.
UnitedHealth Group, the parent company of Change Healthcare, discovered a breach in part of the unit’s information technology network on February 21. In response, the company immediately isolated and disconnected the impacted systems upon detecting the cyber threat.
United Healthcare (Credits: KTAR News)
The fallout from the cyberattack has led to disruptions across the U.S. health-care system. Doctors are unable to check patients’ eligibility for treatment or fill prescriptions electronically. Moreover, health-care providers are unable to receive reimbursements from insurers, disrupting many health systems’ revenue cycles.
Smaller and mid-sized practices, relying on reimbursement cash flow for operations, are facing tough decisions about staying afloat. Extended outages could lead to permanent closures for some practices.
Dr. Purvi Parikh, an allergist and immunologist in New York City, highlighted the challenges her practice faces due to the breach, noting the inability to receive reimbursements from insurers.
Switching to a new platform could take weeks, and Change Healthcare has not provided updates on when its systems are expected to be back online.
The cyberattack has been attributed to the ransomware group Blackcat, also known as Noberus and ALPHV, which steals sensitive data and threatens to publish it unless a ransom is paid.
Change Healthcare is working with law enforcement and third-party consultants, including Mandiant and Palo Alto Networks, to assess the breach.
While the company emphasizes that patient care is its top priority and alternative measures are in place, the ongoing uncertainty and lack of solutions are causing significant stress for health-care providers.
Dr. Kiranjit Khalsa, an allergist and immunologist in Scottsdale, Arizona, expressed concerns about reimbursement problems, considering cutting staff hours, and even closing the clinic for a few days.
The financial impact of the cyberattack raises worries about supporting patients and employees, with potential implications for clinic sustainability.
As the cyberattack continues, the affected health-care providers are grappling with increased administrative burdens, potential financial losses, and uncertainty about when normal operations will resume.
