
Medical groups face serious problems from Change Healthcare cyberattack


Groups are seeing difficulties with billing, insurance approvals, and prescriptions, the Medical Group Management Association says. It’s creating extra work and cash flow issues.

Change Healthcare’s systems have been down for more than a week due to a cyberattack, and medical groups are seeing a host of problems as a result of the attack.

Providers are having problems transmitting prescriptions, but the problems are much more extensive, according to the Medical Group Management Association. Medical groups are struggling with billing, getting prior authorization from insurers, and verifying insurance eligibility of patients. Some medical groups have had no incoming payments or outgoing charges.

Any of those issues individually would cause problems, but medical groups are encountering some or all of those issues, says Emily Dowsett, the MGMA’s associate director of public affairs.

“Everyone has been impacted in some fashion,” Dowsett tells Chief Healthcare Executive®.

“Certain medical groups … they've been without charges going out and payments coming in for nine days at this point,” she says.

Many of the nation’s hospitals and health systems have also been seeing similar problems with billing, claims, prescriptions and authorizations due to the Change Healthcare cyberattack.

Change Healthcare, a subsidiary of UnitedHealth Group, said Thursday that a group known as ALPHV/Blackcat has said it is responsible for the attack.

“Our experts are working to address the matter and we are working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Network, on this attack against Change Healthcare's systems,” Change Healthcare said in a message posted Thursday. “We are actively working to understand the impact to members, patients and customers.”

Prescriptions to prior authorization

UnitedHealth Group, the parent company of Optum, which includes Change Healthcare, said in an SEC filing the incident was discovered Feb. 21.

The MGMA has sent a letter to the U.S. Department of Health & Human Services outlining the problems medical groups are seeing as a result of the cyberattack. The organization is asking the federal government to move swiftly “so medical groups do not have to take drastic actions to remain in operation.” The MGMA is pushing for financial resources and guidance in dealing with the consequences of the attack.

Medical groups are calling in prescriptions and engaging in other manual work-arounds without access to Change’s systems, but that’s costing them in manpower.

Smaller medical groups are experiencing serious problems with the lack of cash flow and their own reserves dwindling, the MGMA says.

Medical groups are struggling heavily with prior authorization, which is the process of obtaining insurance approval for a treatment plan or procedure. Most medical groups say the process is problematic even when it’s managed electronically, but it’s become far more difficult with Change Healthcare’s systems being down, Dowsett says.

“Prior authorization continuously ranks as the most burdensome issue facing medical groups,” Dowsett says. “Now they can't even submit the request and it's just a dangerous impediment to patient care.”

The problems with processing prescriptions are maddening to both physicians and patients.

“Our docs are unable to submit electronic prescriptions, so they're either calling them in, which takes time, or writing paper scripts, but then the patients are going to the pharmacy and they're being told that the pharmacy can't process their insurance information,” Dowsett says.

“So it's either pony up the money for these expensive prescriptions or go without, which is obviously leaving patients frustrated, scared that they might not get their medication,” Dowsett says. “And then in turn, they're calling their doctor's office about it.”

For medical groups, the timing of the attack is particularly problematic, because they are relying on their credit lines early in the year.

“Some medical groups use a line of credit at the beginning of the year because they don't carry over those reserves from the prior year,” Dowsett says. “So some practices are going to need to tap into this line of credit until the cash flow situation rectifies itself.”

With the disruptions now lasting more than a week, medical groups of all sizes are hoping for relief sooner rather than later.

“The longer this continues, the worse it is,” Dowsett says. “Especially at the beginning of the year, practices are not flush with cash, and maybe relying on that line of credit. So yes, it's a very precarious situation, especially for those smaller practices.”

Impacts on hospitals

Jeremy Nordquist, president of the Nebraska Hospital Association, said in a news release that the attack “is impacting the operations of most Nebraska hospitals,” KNOP-TV reports. “Our hospitals are doing their best to manage through these challenges as quickly and efficiently as possible.”

Rick Pollack, president and CEO of the American Hospital Association, outlined some of the looming financial consequences from the cyberattack on Change Healthcare in a letter to the U.S. Department of Health and Human Services.

“This unprecedented attack against one of America’s largest healthcare companies has already imposed significant consequences on hospitals and the communities they serve,” Pollack wrote. “Although the full scope of the impact is still unclear, Change Healthcare’s vast nationwide reach suggests that it could be massive.”

Change Healthcare provides a variety of services to hospitals and health systems, including pharmacy solutions, revenue cycle management, data analysis, patient engagement and clinical support. Citing information released by Change Healthcare, the AHA says the company processes 15 billion health care transactions annually and touches 1 in every 3 patient records.

Optum says it has disconnected Change Healthcare’s systems. “We have a high level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue,” Optum has said.

The attack has reinforced that healthcare organizations are prime targets for cyberattacks. Dowsett points to the vast disruption that follows an attack on an organization connected to so many healthcare providers.

“The number of cyberattacks, it only continues to escalate against healthcare organizations,” Dowsett says. “Practice leaders have to stay particularly vigilant and take all the steps they can to protect patient data and protect the practice itself.”

More than 100 million Americans were affected by breaches of private health information in 2023.

© 2024 MJH Life Sciences

All rights reserved.