Healthcare providers across the United States are facing financial challenges as they grapple with the aftermath of a week-long ransomware outage at a crucial tech unit of UnitedHealth Group (UNH.N). Smaller providers, in particular, report cash shortages, while large hospital chains find themselves unable to process payments, absorbing upfront costs in the process, according to the American Hospital Association (AHA), representing nearly 5,000 healthcare entities.
The extent of the problem is challenging to gauge, but reports from six small businesses, including five therapists and one laboratory, reveal difficulties in processing claims, resulting in accumulating thousands of dollars in overdue payments. The cyber incident targeted UnitedHealth’s Change Healthcare unit, a pivotal component in the intricate U.S. system for creating and clearing insurance claims. The impact has also been felt in electronic pharmacy refills and insurance transactions, prompting some providers to resort to traditional paper transactions.
Phil Seubring, the legal director at Forensic Fluids in Kalamazoo, Michigan, expressed the severity of the situation, stating, “We are 100 percent down when it comes to billing right now.” Similarly, Jenna Wolfson, a clinical social worker in Felton, California, providing therapy to around 30 clients weekly, voiced concerns over approximately $4,000 in pending claims, emphasizing the potential catastrophic consequences for small business mental health practitioners.
While the immediate fallout may disproportionately affect smaller offices, AHA cybersecurity adviser John Riggi warns that providers of all sizes will feel the strain if the outage persists. Larger hospitals with robust resources and alternate technologies might weather the disruption initially, but the prolonged impact could be widespread.
The restoration of core services following high-impact ransomware attacks can take up to 30 days, with additional weeks required to reinstate less critical functions, according to Riggi. The uncertainty lies in whether other clearinghouses can accommodate the surge in claims traffic, as hospitals anxiously await solutions from Change Healthcare.
UnitedHealth, acknowledging the hack’s impact on payments, has yet to provide details on how it affects hospitals as the issue reaches its one-week mark. Dana Hughes, representing a physical therapy practice in Corvallis, Oregon, highlights the significant cash flow disruption for providers, unable to file claims after their software vendor disconnected from Change Healthcare.
While claims submissions have reportedly returned to pre-disruption levels, a UnitedHealth spokesperson suggests that providers can use alternative clearinghouses. The initial attribution of the disruption to a “suspected nation-state associated cybersecurity threat actor” has been contested, with sources pointing to a criminal gang named “Blackcat” or “ALPHV” as the responsible party.
Reported by Raphael Satter and Christopher Bing in Washington, and Patrick Wingrove in New York, with additional reporting by Sriparna Roy in Bengaluru. Edited by Caroline Humer and Bill Berkrot.
