Small private practices and health care providers are facing increasing financial pressure after a cyberattack on Change Healthcare knocked down a vital reimbursement system for a ninth day.
Change Healthcare provides payment and revenue cycle management tools that help facilitate transactions between providers and most major insurance companies.its parent company UnitedHealth Group On February 21, the department reportedly discovered that cyber threat actors compromised part of the unit’s information technology network a filing and the U.S. Securities and Exchange Commission.
As a result, the company immediately isolated and disconnected the affected systems “upon detection” of the threat, the document said.
The consequences have caused ripple effects throughout the U.S. health care system.
Doctors told CNBC that the outage prevented them from checking patients’ eligibility for treatment or electronically dispensing prescriptions, adding more administrative responsibilities to staff already overwhelmed with paperwork. Perhaps more importantly, providers are unable to receive reimbursement from insurance companies, effectively grinding the revenue cycle to a standstill for many health systems.
Small and medium-sized practices that rely on reimbursement cash flow to operate are making difficult decisions about how to stay afloat. Experts say if the outage lasts too long, some clinics may have to close permanently.
Dr. Purvi Parikh, an allergist and immunologist in private practice in New York City, told CNBC that the breach caused “chaos” and “tremendous stress.” Like many others, she said her clinic is unable to get reimbursement from insurance companies for patient visits, making it difficult for the clinic to cover operating expenses such as wages and medical supplies.
Parikh said switching to the new platform could take weeks, so there’s no immediate fix. As of Thursday, Change Healthcare had not shared any updates on when its systems were expected to come back online.
“The most frustrating thing is that no one has any answers or solutions,” Parikh said. “We’re kind of stuck.”
Change Healthcare said Thursday that ransomware group Blackcat was behind the attack. Blackcat, also known as Noberus and ALPHV, steals sensitive data from organizations and threatens to make it public unless a ransom is paid. Released in December From the U.S. Department of Justice.
The company said it was working with law enforcement and third-party consultants such as Google-owned Mandiant and cybersecurity software provider Palo Alto Networks to evaluate the breach.
“Patient care is our top priority and we have a variety of solutions to ensure people have access to the medications and care they need,” Change Healthcare said in a statement to CNBC.
Dr. Kiranjit Khalsa, an allergist and immunologist who runs an independent practice in Scottsdale, Arizona, said her staff has been working longer hours to try to accommodate the increase in traffic due to violations. Extra work and manual retrieval of prescriptions.
She said reimbursement issues have been “the biggest burden” as she worries about how to continue supporting patients and staff. Casa is considering reducing staff hours or even closing the clinic for a few days.
“I’m worried about how I’m going to feed them,” Khalsa told CNBC. “I’m also worried: If the money doesn’t go out, where will I go? Do I need a loan to keep the clinic running?”
Dr. Dan Inder Sraow, an interventional cardiologist who has a private practice near Phoenix, Arizona, said even if Change Healthcare’s systems do come back online, there are still many unanswered questions about what happens next. He said it’s unclear whether Change Healthcare will assume responsibility for processing all claims or whether it will need to hire more staff to assist.
“I think people don’t realize that the actual people providing the services don’t get revenue from those services,” Dr. Sraow told CNBC. “We don’t know how long this is going to last and it’s a very, very dangerous thing.”
Dr. Jesse Ehrenfeld, president of the American Medical Association, said he has spent days fielding calls from concerned colleagues.
He said he spoke to a doctor who ran an oncology clinic and had only a maximum of two weeks of cash on hand. If the outage is prolonged, clinics will be unable to purchase chemotherapy drugs that patients rely on for treatment.
Ehrenfeld said with many suppliers operating on razor-thin margins, some may go out of business.
“We have a lot of clinics that are on the edge, especially the smaller ones, that are just scraping by,” Ehrenfeld told CNBC. “Any anomalies in the system like, ‘Oh, you’re two weeks away. None have been checked’ and obviously this situation does pose a risk to the practice.”
Transforming healthcare in 2022 merge Optum serves more than 100 million patients in the United States and is part of UnitedHealth, the largest healthcare company in the United States by market value.
The American Medical Association publicly opposed the merger and a letter told the Justice Department that the union could stifle competition, give UnitedHealth Insurance Company access to large data stores and potentially disrupt patient care.
The merger eventually went through, but the U.S. Department of Justice recently launched an antitrust investigation into UnitedHealth Insurance Company, according to the Wall Street Journal Report Tuesday.
“It’s kind of a perfect storm of regulatory issues (and) lack of competition — and unfortunately, the ones who are really suffering are the patients and the individuals who work in the health care system,” said Dr. Ravi Parikh, a retinal physician. Professionals who own and operate clinics in New York City.
The cyberattack prevented Parikh’s clinic from being reimbursed for the expensive drugs it administered. He said he has been thinking about contingency plans, such as finding cheaper drugs and asking some patients to pay upfront, but his focus is on providing the best care possible.
“The health care system may eventually grind to a halt as many clinics and pharmacies may not survive,” Parikh said.