Title: Ongoing Cyberattack Disrupts Insurance Processing at Pharmacies Across the US: Healthcare Professionals Express Concerns Over Revenue Loss and Patient Care
Weeks after a cyberattack disrupted insurance processing at pharmacies nationwide, healthcare professionals from various parts of the US are expressing their concerns over the potential financial repercussions and challenges in delivering optimal patient care.
Raeya Disney, a Maryland-based psychotherapist who treats trauma victims, shared her fears of having to give up her office space if the billing outage continues much longer. She has been manually processing bills and is hoping for timely payments from insurance carriers.
Similarly, Purvi Parikh, an allergist with a private practice in New York, expressed her concerns over the increased burden that this hacking incident has placed on physician practices, hospitals, and pharmacies. Parikh has been unable to submit claims to insurance carriers for nearly a week due to the outage.
The fallout from this cyberattack, which hit Change Healthcare – a unit of health IT giant UnitedHealth that processes prescriptions for insurance coverage for tens of thousands of pharmacies nationwide – is estimated to be costing some healthcare providers over $100 million per day, according to Carter Groome, CEO of Health First Advisory, a cybersecurity firm that works with large healthcare organizations.
Groome emphasized that this financial loss is not sustainable for an industry with limited cash reserves, comparing it to the 2021 Colonial Pipeline ransomware attack that disrupted fuel shipments for days and elevated ransomware as a national Website security concern.
In response to the cyberattack, Elevance Health (previously known as Anthem Inc.), which owns Anthem Blue Cross and Blue Shield and insures millions of Americans, has severed network connections to Change Healthcare “out of an abundance of caution.” Leslie Porras, Elevance spokesperson, stated that the insurance claims processing remains unaffected for their members.
As of Wednesday morning, Change Healthcare reported that its affected network was still offline. However, Tyler Mason, a company spokesperson, stated that insurance claims submissions have returned to “pre-disruption levels” due to the implementation of alternative clearinghouses for healthcare providers to submit claims.
Despite these efforts, some healthcare professionals are still struggling with adapting to this situation and experiencing confusion regarding alternative solutions to process insurance and fill prescriptions.
Amy Cizik, a health researcher in Utah, has been battling with her Salt Lake City pharmacy to process insurance for her 16-year-old daughter’s medications for several days. Her daughter, who has a rare genetic syndrome and takes multiple medications to manage the associated conditions, is in dire need of these prescriptions to function effectively at school and at home.
The ongoing issue has forced Cizik to spend hours on the phone trying to resolve it, narrowly avoiding paying $1,000 out-of-pocket for her daughter’s medication. Eventually, the pharmacy was able to process her insurance on Wednesday morning, averting this financial burden.
US senior cyber officials have been closely monitoring the situation and holding regular consultations with Change Healthcare to mitigate the problem. Andrea Palm, the deputy HHS secretary, confirmed that the department is in close communication with Change Healthcare during their efforts to restore the network.
Forensic evidence collected from the investigation suggests that a prolific ransomware gang was responsible for the attack, according to private briefings by Change Healthcare executives. This group, consisting of Russian-speaking cybercriminals, rents out their malware known as ALPHV or BlackCat. The ransomware gang has claimed responsibility for several attacks on US universities, healthcare providers, and hotels over the past 18 months.
The Justice Department announced an operation targeting the ALPHV gang in December, including the seizure of some of its computer infrastructure. However, well-oiled cybercriminal groups often recover from US law enforcement crackdowns.
As of Tuesday afternoon, the American Hospital Association (AHA) was still receiving reports from members regarding interruptions in insurance claim processing due to this cyberattack. John Riggi, AHA’s national advisor for cybersecurity and risk, emphasized that this was a systemic attack that affected not only Change Healthcare but the entire healthcare sector.
