Change Healthcare cyberattack: UnitedHealth offers timeline, providers say financial woes continue

More than two weeks after the cyberattack on Change Healthcare, hospitals, physicians and medical groups now have a projected timeline for the restoration of services.

Rick Pollack, president & CEO of the American Hospital Association, has said the Change Healthcare cyberattack is the most serious in U.S. history.

However, groups representing physicians say their financial disruptions will continue, and they expressed frustration with the situation and the need for more communication. Hospitals and other providers have all encountered serious difficulties since the attack was reported Feb. 21, including interruptions in filing claims, cash flow problems, delays in checking insurance eligibility and problems filling prescriptions.

UnitedHealth Group, Change Healthcare’s parent company, outlined a timeline Friday for the restoration of connectivity to the medical claims network.

The company said it expects to begin testing connectivity to the medical claims network and software on March 18, and hopes to restore service through that week. UnitedHealth Group said electronic payment functionality will return beginning March 15. And the company says electronic prescribing of medications is functioning again, with claim submission and payment transmission available as of Friday.

Andrew Witty, CEO of UnitedHealth Group, said in a statement that the company is “committed to providing relief for people affected by this malicious attack on the U.S. health system.”

“All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications,” Witty said in a statement. “We’re determined to make this right as fast as possible.”

Organizations representing hospitals and doctors expressed gratitude for getting a clearer picture of when services could be restored. But they also said they are still seeing serious financial pressures from the cyberattack, because Change Healthcare works with so many providers across the healthcare system. They also indicated they aren’t fully satisfied with the company’s response.

Rick Pollack, president and CEO of the American Hospital Association, said UnitedHealth Group’s announcement doesn’t change the impact of the “historic cyberattack on the U.S. health care system.”

“Nothing in the announcement materially changes the chronic cash flow implications and uncertainty that our nation’s hospitals and physicians are experiencing as a result,” Pollack said in a statement. “Even after Change Healthcare’s technology is restored, it will be weeks – if not months – before our hospitals and other health care providers will be made whole.”

Pollack said the hospital association will work with UnitedHealth Group and other payers for assistance, and is also pressing for more help from Congress and President Biden’s administration.

Earlier this week, the U.S. Department of Health & Human Services outlined steps to accelerate Medicare payments to hospitals, but the AHA and other healthcare groups called for more decisive action. The hospital association has called the cyberattack the most significant healthcare cyberattack in American history.

• Read more: Florida Hospital Association CEO describes ‘massive’ impact of Change Healthcare cyberattack

Jesse Ehrenfeld, president of the American Medical Association, says the Change Healthcare cyberattack has placed serious financial pressures on doctors.

Jesse M. Ehrenfeld, M.D., president of the American Medical Association, said UnitedHealth Group’s March 18 timeline “means significant financial disruption on physician practices will extend past 26 days before there is the possibility of establishing reliable network connections.”

“The prospect of a month or more without a restored Change Healthcare claims system emphasizes the critical need for economic assistance to physicians, including advancing funds to financially stressed medical practices,” Ehrenfeld said in a statement.

“While providing needed information on timelines and new financial measures is helpful, UnitedHealth Group has more work to do to address physician concerns,” Ehrenfeld added. “Full transparency and security assurances will be critical before connections are reestablished with the Change Healthcare network.”

The AMA also called on payers to advance funds to doctors to ensure the solvency of medical practices, noting that some haven’t been able to create workarounds to deal with the barriers to processing claims.

The Medical Group Management Association said it appreciates having clarity on the timeline for restoration. But Anders Gilbert, the MGMA’s senior vice president of government affairs, said medical groups, which have been hurt badly by the attack, need to see who events unfold.

“While MGMA is encouraged by UnitedHealth Group’s announcement with the timeline for restoring services and additional funding for those providers most impacted, as always, the devil is in the details and we’ll see how this plays out,” Gilbert said in a statement.

Gilbert also cited UnitedHealth Group’s temporary assistance fund for providers affected by the cyberattack. Some healthcare organizations panned the program, saying it was inadequate and included onerous restrictions.

“When the initial temporary funding program rolled out, many medical groups weren’t eligible or the offers they did receive were shockingly low,” Gilbert said in a statement. “As far as the restoration timeline, while Change Healthcare may make their electronic payment functionality available next week, do vendors feel safe enough to reconnect? Time will tell.”

• Read more: A look at the group behind the Change Healthcare cyberattack

The financial fallout of the cyberattack has traveled across the country. Kevin Holloran, senior director of Fitch Ratings, talked about the impact during a webinar Thursday on the financial outlook of nonprofit hospitals, including interruptions in cash flows.

Holloran also the attack is also spurring other responses from hospitals.

“I've already heard a whole lot of people saying, ‘Hey, we're redoubling our efforts on cybersecurity,’” Holloran said. “But this is a risk we've called about many, many times. You can harden your own house, but sometimes things are outside of your control with vendors.”