In a devastating blow to the U.S. healthcare system, a cyberattack on Change Healthcare, a crucial health-care company owned by UnitedHealth Group, is wreaking havoc on hospitals, doctor offices, pharmacies, and millions of patients nationwide. Government and industry officials are labeling this incident as one of the most serious attacks in the history of the U.S. healthcare system.
The cyberattack, which occurred on February 21, targeted Change Healthcare, a company processing a staggering 15 billion claims totaling more than $1.5 trillion annually. The company, owned by UnitedHealth, operates the largest electronic clearinghouse, connecting healthcare providers with insurance companies to process payments and determine patient obligations. Tens of thousands of physicians, dentists, pharmacies, and hospitals relied on Change Healthcare, handling 50 percent of all medical claims in the United States, according to a 2022 lawsuit by the Justice Department.
The ransomware gang behind the attack, previously believed to have been crippled by law enforcement, stole patient data, encrypted company files, and demanded a ransom for their release. In response, Change Healthcare shut down most of its network in an ongoing effort to recover.
The fallout from this attack has left health-care organizations cut off from crucial systems, hindering the transmission of patients’ health-care claims and payments. While the outage does not impact direct patient care systems, it exposes vulnerabilities across the entire U.S. health-care system, affecting patients’ ability to pay for medications and jeopardizing the financial stability of organizations heavily dependent on Change’s platform.
Quantifying the impact remains a challenge, with severity varying based on organizational reliance on Change. Three senior officials at the Department of Health and Human Services have described it as a serious crisis.
Senate Majority Leader Charles E. Schumer has called for accelerated payments to impacted health care providers, urging the Centers for Medicare and Medicaid Services to address the financial strain on hospitals, pharmacies, and other affected entities. Hospitals are struggling to bill patients and receive payments, while patients face difficulties obtaining information on insurance coverage for treatments.
The American Hospital Association deems this cyberattack the most significant in U.S. health-care history. Some hospitals reported delays in patient discharges due to the inability to fill prescriptions. Workarounds, such as submitting claims manually, have been implemented, but challenges persist.
UnitedHealth’s subsidiary, Optum, has initiated a temporary assistance program to provide short-term loans to affected organizations, intending to be repaid once Change Healthcare is operational again. Switching to alternative vendors is complex due to contractual agreements and technical reasons, exacerbating cash flow problems for health-care providers.
The incident highlights the urgent need to strengthen cybersecurity resilience across the health-care ecosystem. Industry experts and officials stress the severity of the attack, emphasizing its impact rather than its size. The ongoing crisis underscores the vulnerabilities created by dependence on centralized networks and third-party payment systems, prompting a reevaluation of the current payment model.
Hospitals across the country, from Minnesota to Massachusetts, report varying degrees of impact on billing systems, hindering claims processing and reimbursement. The financial sustainability of the health care system is at risk, with hospitals facing a growing burden on patient care and operational stability.
In the wake of this unprecedented cyberattack, hospitals are scrambling to establish alternative payment pathways with insurance companies. While larger systems may weather the crisis by tapping reserves, community hospitals find themselves vulnerable to an attack on a business entity that created vulnerabilities through its marketplace dominance, threatening disastrous consequences for those already dealing with small margins and challenging cash flow situations.
