UnitedHealth Group, the American Hospital Association and the Health and Human Services Department remain focused on a cyberattack that has crippled electronic transactions between pharmacies and payers for nearly a week.
The AHA continues to advise member hospitals to remain disconnected from UnitedHealth Group division Change Healthcare's systems, which were attacked last Wednesday. The company blamed a foreign government for the breach while Reuters reported a ransomware collective known as BlackCat, also called ALPHV or Noberus, is the culprit.
“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online,” UnitedHealth Group subsidiary Optum, which houses Change Healthcare, wrote in a notice on its website Tuesday.
“We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect,” Optum wrote. The company expects the disruption to continue at least until Wednesday.
In the meantime, hospitals should not use Change Healthcare systems but may consider accessing network services connected to other parts of UnitedHealth Group, including UnitedHealthcare and Optum, that the company has declared safe, the AHA and the Health Information Sharing and Analysis Center wrote in a notice sent to members Monday.
“Each healthcare organization should continue to monitor and independently evaluate information provided by Change Healthcare to inform its own risk-based decisions regarding nonimpacted systems,” the AHA and the Health-ISAC wrote.
The AHA-Health-ISAC advisory includes guidance on how hospitals may check if their own systems have been compromised because of the Change Healthcare incident. Citing the cyber intelligence company RedSense, the AHA and the Health-ISAC wrote that the cyberattack exploited vulnerabilities in the ConnectWise ScreenConnect software used for remote desktop access.
Federal authorities are closely monitoring the situation, HHS Assistant Secretary for Public Affairs Jeff Nesbit said in a statement Tuesday.
“This incident serves as yet another reminder of the interconnectedness of the domestic healthcare ecosystem and of the urgency of strengthening cybersecurity resiliency across the ecosystem,” Nesbit said. “HHS will continue to leverage our existing authorities and to work with Congress on new authorities and resources as appropriate to advance sector resiliency.”
Change Healthcare operates one of the largest U.S. pharmacy billing systems and processes 15 billion transactions a year. The cyberattack has wreaked havoc on pharmacies, hospitals and other providers, which have scrambled to work around the Change Healthcare shutdown.
Pharmacies use Change Healthcare’s technology to transmit claims to health insurers and pharmacy benefit managers and to determine how much to charge patients.
Reimbursement is among the complications for pharmacies and other providers, according to the AHA. On Monday, the trade group wrote HHS Secretary Xavier Becerra requesting access to advanced Medicare payments to mitigate the “immediate adverse impact” the cyberattack has had on hospital finances.
UnitedHealth Group disputes the characterization that providers should be concerned about reimbursement given the normal lag between products and services being delivered and payments being made.
“We understand the impact this issue has had on claims for payers and providers. Any delays to claims processing have yet to impact provider cash flows as payers typically pay one to two weeks after processing,” a UnitedHealth Group spokesperson said in a statement Monday. “As we work on bringing systems back online, we are also developing solutions to that challenge if needed,” the spokesperson said.
According to UnitedHealth Group, more than 90% of U.S. pharmacies have employed alternative means to process claims. The company’s UnitedHealthcare insurance division and its OptumRx PBM had received fewer than 100 reports of members being unable to obtain medicines as of Monday night, the spokesperson said.