Pressure Builds for Federal Intervention on Change Healthcare Cyberattack

By Eric Wicklund

The American Hospital Association has added its voice to growing calls for federal intervention in the Change Healthcare cyberattack.

In a March 4 letter to Congressional leaders, AHA President and CEO Richard Pollack said the “unprecedented attack,” now more than two weeks old, has severely affected the nation’s healthcare industry.  He said the organization has been in touch with UnitedHealth Group officials regarding the outage, asking for more transparency about what happened, a timeline on when the issue would be resolved, and temporary access to advance payments to help providers during the downtime.

“Unfortunately, UnitedHealth Group’s efforts to date have not been able to meaningfully mitigate the impact to our field,” Pollack said in the letter. “Workarounds to address prior authorization, as well as claims processing and payment are not universally available and, when they are, can be expensive, time consuming and inefficient to implement. For example, manually typing claims into unique payer portals or sending by fax machine requires additional hours and labor costs, and switching revenue cycle vendors requires hospitals and health systems to pay new vendor fees and can take months to implement properly.”

Pollack said the AHA had sent a letter to Health and Human Services Secretary Javier Becerra on February 26 asking HHS to step in and take action. Specifically, they asked Becerra to:

  • Direct Medicare Administrative Contractors to prioritize and expedite review and approval of hospital requests for Medicare advanced payments.
  • Issue guidance to payers on how they should be handling payments during this time.
  • Pressure UnitedHealth Group officials to make sure they’re taking all the necessary steps to remedy the situation, including “implementing a meaningful financial assistance program and engaging in frequent and forthright communication with providers.”

“This incident demands a whole of government response,” Pollack added. “We therefore urge Congress to consider any statutory limitations that may exist for any federal agencies that can assist hospitals at this critical moment. If such limitations exist, the Executive Branch may be unable to provide solutions to ensure our nation’s provider network remains solvent and serves patients.”

The cyberattack on the IT business of UnitedHealth, which came to light roughly two weeks ago, has crippled operations at thousands of pharmacies across the country, and in doing so affected many more providers. Experts estimate the industry is losing more than $100 million a day due to the outage, which is rumored to have been a ransomware attack.

“Change Healthcare is the predominant source of more than 100 critical functions that keep the healthcare system operating,” Pollack noted in his letter. “Among them, Change Healthcare manages the clinical criteria used to authorize a substantial portion of patient care and coverage, processes billions of claims, supports clinical information exchange, and processes drug prescriptions. Significant portions of Change Healthcare’s functionality have been crippled. As a result, patients have struggled to get timely access to care and billions of dollars have stopped flowing to providers, thereby threatening the financial viability of hospitals, health systems, physician offices and other providers.”

Eric Wicklund is the associate content manager and senior editor for Innovation, Technology, and Pharma for HealthLeaders.