"The groundwork of all happiness is health." - Leigh Hunt

Change HealthCare Cyberattack: What Consumers Should Know

March 25, 2024 – Last month's cyberattack on a big healthcare claims processor that processes transactions affecting one in three patient records within the U.S. continues to be impacting patients and can have lasting impacts on physicians, pharmacies, laboratories and other healthcare organizations .

“We’re not through the worst of it yet,” said Jesse M. Ehrenfeld, MD, MPH, president of the American Medical Association.

According to Ehrenfeld and Jillanne Schulte Wall, JD, senior director of health and regulatory policy at ASHP, the American Society of Health System, consumers are currently facing three major issues Pharmacist:

  • Potential lack of protected, sensitive patient information
  • Persistent difficulty obtaining prescriptions or health care services that require prior authorization
  • Long-term financial impact on physicians and practices, which could end in physicians leaving their practices or closing practices, affecting patients' access to health care

A fast overview

Change Healthcare, a part of Optum and owned by UnitedHealth Group, processes about half of U.S. medical claims for about 900,000 doctors, 118,000 dentists, 33,000 pharmacies, 5,500 hospitals and 600 laboratories, in accordance with 2022 DOJ figures legal action which attempted to dam UnitedHealth Group's acquisition of Change Healthcare.

When the breach was discovered on February twenty first, the corporate shut down the systems, causing massive problems. Change Healthcare's primary functions include pharmacy claims processing, provider claims processing, patient access and financial clearance, provider payments, and patient authorizations and medical necessity reviews.

Was data breached?

Has protected sensitive data been leaked? On one To update Regarding the cyberattack published on March 22, United Health Group wrote in response to this query: “Our privacy department and security information teams are actively engaged and working to understand the impact on members, patients and customers.”

“We just don’t know and we can’t speculate,” Ehrenfeld said of the potential for personal data breaches. “I don't think anyone knows.” He called on UnitedHealth Group to be more explicit on the difficulty, noting the seriousness of such violations.

Consumers rightly expect their personal information to be protected during healthcare transactions, and once that trust is broken, it's difficult to regain, Ehrenfeld said.

“Once the genie is out of the bottle, you can’t put it back in,” he said.

Problems with recipes

Immediately after the attack was discovered, it was nearly unimaginable to fill prescriptions at his hospital for about five days, Ehrenfeld said. Patients got here in for surgery but were often unable to acquire the needed prescriptions they needed to take upon discharge, for instance.

Sometimes health care providers have needed to estimate copays for prescriptions, Schulte Wall said. While they did their best to assist, “patients may receive bills later.”

The situation has improved but shouldn't be yet fully recovered. According to the update on United HealthGroup.com, roughly 99% of ChangeHealth pharmacies were operational as of March 7, however it was acknowledged that challenges remain.

When the systems failed, “many providers had to switch to keeping paper records and switching to filing paper claims, so it takes a while to process,” Schulte Wall said. She expects repercussions to last for months.

Suggested solutions

Some pharmaceutical corporations have stepped in and offered recent savings cards when the previous ones didn't work, or explained a process for post-transaction copay claims.

Lilly has made recent savings cards available to eligible patients for its medications after pharmacies reported problems processing previous savings cards immediately following the cyberattack. There is one on his website Timeline when the cards for certain medications became available. Eligible commercially insured consumers may file a claim for reimbursement if their copay card shouldn't be redeemed at their pharmacy after the outage Lilly.

The affected Novo Nordisk copay programs have been restored and are operational. An alternative processor is now handling the copay offers. The company can also be offering a refund of the difference between the total co-payment amount and the ultimate out-of-pocket costs for individuals who paid the total co-payment through the outage, with details of this Here.

Amgen has announced that customers will give you the chance to make use of the identical copay card that they were using and offering before the outage instructions about what to do for those who proceed to experience processing problems.

Long term financial impact

Patients may not immediately recognize the long-term financial impact, Ehrenfeld said, however the financial impact of the crisis has not been mitigated. “Plans aren’t getting paid, practices are being put under pressure,” he said.

He cited an internal AMA survey of its members conducted in mid-March. Many reported running out of cash, attempting to get bridging loans or withdrawing money from their retirement accounts to remain afloat. That's still true efforts from the Centers for Medicare and Medicaid Services (CMS), similar to B. a leisure of prior authorization requirements and a UnitedHealth Group loan program.

Small practices often shouldn't have the needed money reserves like larger practices to survive such a crisis, said Ehrenfeld. If the situation gets extremely worse, practices could go bankrupt or close.

“We fear it could happen,” he said.

After the pandemic, “no one is sitting on cash cushions anymore, so you as a consumer may face limited services in the future depending on how severe and how lasting the financial impact is for different types of providers,” Schulte Wall said.

Bottom line

UnitedHealth Group has released a timeline showing when services will be fully restored in the approaching weeks.

But even when the systems are fully restored, the issues should not expected to be resolved immediately. Without a cyberattack, insurance and other healthcare transactions typically take time, e.g. B. waiting for a payment decision from a primary insurance provider before insurance coverage from a secondary insurance provider comes into force.

“United has a responsibility to clean this up,” Ehrenfeld said.

Restoring trust, one other vital issue, may take even longer than restoring technology. For example, if patients show up at a pharmacy and are told they will't get their medications because they will't determine the copay (when the systems went down), “that will undermine consumer trust,” Schulte Wall said. “I wonder if people will be as trusting knowing that half of the healthcare system has collapsed due to a cyberattack.”