• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

Change Healthcare cyberattack: UnitedHealth Group payments surpass $3 billion, lawmakers seek answers


The parent company of Change Healthcare has sent more money to providers, and members of Congress want to know more about the incident. Nearly all hospitals have been affected.

More than a month after the Change Healthcare cyberattack was first reported, hospitals and other providers are continuing to encounter difficulties.

UnitedHealth Group, Change Healthcare’s parent company, has now distributed $3.3 billion in payments to providers, the company said this week. Hospitals have seen interruptions in payments for services, submitting claims, processing prescriptions and other tasks due to the cyberattack.

The U.S. Department of Health & Human Services and the Administration for Strategic Preparedness & Response released a resource guide this week for healthcare providers to get assistance from health plans and payers. In a letter accompanying the guide, the agencies noted that health centers, pediatricians, infusion centers and home-based providers are experiencing cash flow disruptions.

“As many of you have experienced, the impacts of the cyberattack against Change Healthcare have continued to disrupt provider billing and claims operations,” the letter stated.

“We also continue to hear from providers that you have sometimes had difficulty getting answers from healthcare plans about the availability of prospective payments or the flexibilities you may need while the Change Healthcare platform is unavailable,” the federal agencies’ letter stated.

Almost all of the nation’s hospitals have seen some financial impact from the cyberattack.

More than 9 in 10 hospitals (94%) have endured some financial difficulties, according to a survey released by the American Hospital Association earlier this month. Nearly 60% of the hospitals said the impact on their revenue has been $1 million per day or greater. Roughly three-quarters of hospitals (74%) said the attack has affected patient care.

Medical groups and cancer practices have also been hurt by the fallout of the cyberattack.

The federal government has said it is accelerating Medicare payments to hospitals and health systems, but hospitals have asked Congress to help speed up the aid. The Centers for Medicare & Medicaid services can only offer expedited aid for a short period of time, and hospitals say they need more help in a timely fashion.

Federal officials say they are pressing UnitedHealth Group and other insurers to advance payments to hospitals and other providers. Change Healthcare processes 15 billion transactions annually and is involved in one in every three patient records, federal officials say.

Members of Congress are asking more questions about the attack.

This week, U.S. Rep. Jamie Raskin, D-Md., sent a letter to UnitedHealth Group CEO Andrew Witty asking for information about the cyberattack.

Raskin, the ranking Democrat on the House Committee on Oversight and Accountability, cited a March 13 briefing of committee staff from the Cybersecurity Infrastructure and Security Agency on the attack. CISA said it was “handcuffed in this instance because of the lack of transparency and lack of information” from UnitedHealth and Change Healthcare, Raskin wrote in the letter.

In the letter, Raskin asked UnitedHealth to provide more information on the scope of the attack, the private health information involved, and what measures the company is taking to improve cybersecurity in light of the attack. He asked for answers by April 8.

“Change Healthcare’s prolonged outage as a result of the cyberattack has already had ‘significant and far-reaching’ consequences for patients, physicians, and thousands of hospitals, pharmacies and medical practices, and is disrupting patients’ timely access to affordable medication and treatments,” Raskin wrote.

A bipartisan group of nearly 100 members of Congress sent a letter to HHS Secretary Xavier Becerra about the Change Healthcare cyberattack. They noted the financial challenges facing healthcare providers, particularly smaller practices who don’t have the resources to deal with long interruptions in payments. Lawmakers urged the health department to advance payments to providers as quickly as possible.

“While smaller practices potentially face possible closure, larger practices still face an inability to meet payroll,” the letter stated.

The lawmakers also noted the impact on patients who have paid the full cost of their medication while they await insurance coverage for those drugs.

“Our offices have received concerns from constituents who have paid out-of-pocket for their medical supplies with no known solution for how to make them whole. We are worried about our constituents’ ability to afford these expenses,” the letter stated.

In the wake of the attack, UnitedHealth has said it has suspended prior authorizations for most outpatient services and the utilization review of inpatient admissions for Medicare Advantage plans.

In a statement March 18, Witty said, “We know this has been an enormous challenge for health care providers and we encourage any in need to contact us.”

Cybersecurity experts talked with Chief Healthcare Executive about the growing dangers of cyberattacks at the HIMSS Conference.

Related Videos
Image: Ron Southwick, Chief Healthcare Executive
Image credit: HIMSS
Related Content
© 2024 MJH Life Sciences

All rights reserved.