Understanding the Impact of the Change Healthcare Cyberattack on Providers

March 01, 2024 - Change Healthcare suffered a cyberattack on February 21st at the hands of the notorious BlackCat/ALPHV ransomware group, forcing it to take its systems offline.

As the sector enters the second week of outages, operational disruptions and cash flow problems persist, with no timeline for when Change Healthcare, which is part of Optum and owned by UnitedHealth Group, will bring its systems back online.

For providers, that has meant delays in processing claims for payment, which represents a key revenue source for hospitals and independent practices alike. Patients have also felt the effects of this attack, as cost estimation services remain unavailable and some patients are unable to get their prescriptions or have to self-pay for medication.

Major pharmacy chains such as CVS and Walgreens have experienced disruptions due to the attack. Tricare, which serves US service members and their families, said that the incident had impacted "all military pharmacies worldwide."

But it is not just large organizations that are being impacted by the cyberattack fallout.

Jenna Wolfson, LCSW, owner of River Rock Wellness in Felton, California, told HealthITSecurity that the impact that the outages have had on her workflow has been “devastating.”

Wolfson has operated her private practice since 2015 and serves approximately 30 patients per week as a social worker, specializing in family work, substance use issues, and trauma. Wolfson, who has not been able to receive any payments due to the cyberattack, said she has been keeping diligent billing records as unpaid claims pile up.

 “I mean, I never saw this coming,” Wolfson said. “I have issues with denials because there's wrong information that an insurance company has, or somebody needs to turn in a form they haven't turned in, or the insurance company did something wrong. Those things happen. But it didn't even occur to me that something like this could happen.”

Wolfson typically submits claims through TherapyNotes, an EHR, practice management, and billing platform that relies on Change Healthcare as a clearinghouse. Amid the outage, TherapyNotes has offered customers a way to download 5010 claim data files so that providers can upload them into a separate clearinghouse, such as Availity, which is now offering connectivity for healthcare organizations impacted by the Change Healthcare cyber incident.

“You are welcome to queue up claims and we will submit them when services are operational again, if you are able to wait. This is the least amount of work for you at this time, but obviously payments will be delayed,” TherapyNotes said in its latest update to customers.

“We still do not have a timeline for a return of service. If we had to guess we feel we still have a couple weeks to go. We will let you know when we hear more. We have another conference call scheduled Friday.”

Wolfson said she is considering using a separate clearinghouse but is concerned about how much this change would add to her already heavy workload.

“I don't know how long this is going to last, so by the end of next week, if we haven't made any progress, then I'm going to have to figure all of that out so that I can get paid,” she added.

Wolfson said her colleagues have shared similar experiences with her. While bigger organizations may have deeper cash reserves to fall back on, that is not the reality for many small practices.

“There are people right now that might not see payment on the work that they're doing today for months, and they still have an entire practice to keep above water,” Wolfson noted.

Industry groups have been vocal about the ways that this incident has impacted providers and have urged HHS to take action and provide relief.

In a February 26th letter to HHS, the American Hospital Association (AHA) acknowledged that while the full scope of this cyberattack is still unknown, Change Healthcare’s nationwide presence suggests that the impacts will be far-reaching.

Change Healthcare processes 15 billion healthcare transactions annually, and touches one in every three patient records.

“After all, without this critical revenue source, hospitals and health systems may be unable to pay salaries for clinicians and other members of the care team, acquire necessary medicines and supplies, and pay for mission critical contract work in areas such as physical security, dietary and environmental services,” the AHA stated.

“In addition, replacing previously electronic processes with manual processes will add considerable administrative costs on providers, as well as divert team members from other tasks. It is particularly concerning that while Change Healthcare’s systems remain disconnected, it and its parent entities benefit financially, including by accruing interest on potentially billions of dollars that belong to health care providers.”

The AHA urged HHS to continue to communicate with the provider community, offer guidance to providers about how they can request Medicare advanced and accelerated payments, and provide enforcement discretion related to good faith estimates.

The Medical Group Management Association (MGMA) reported similar impacts from its members, citing “substantial” billing and cash flow disruptions. MGMA urged HHS to offer guidance, financial resources, and enforcement discretion as this incident unfolds.

This cyberattack has impacted the workflows of providers everywhere, leaving few organizations untouched.