Pharmacies and providers are still struggling with disarray six days after UnitedHealth Group division Change Healthcare suffered a cyberattack.
The incident, which the company blames on an unnamed foreign government, continues to disrupt operations for Change Healthcare customers and will persist until at least Tuesday, Change Healthcare disclosed Monday. Clients have faced significant obstacles completing basic tasks such as handling prescriptions and claims.
Change Healthcare is one of the largest claims processing vendors and manages 15 billion transactions a year. Pharmacies use its technology to transmit claims to health insurance companies and pharmacy benefit managers and to determine how much to charge patients for medications.
“We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online,” Change Healthcare said in a statement posted to its website at 8:04 a.m. EST Monday. UnitedHealth Group declined to comment.
Change Healthcare has a "high level of confidence" that the breach is limited to its dedicated systems and has not affected other parts of UnitedHealth Group's technology infrastructure, the company said. UnitedHealth Group acquired Change Healthcare in a $13 billion deal in 2022 and incorporated it into Optum.
Reuters reported Monday that the hacker group BlackCat, also known as ALPHV or Noberus, was behind the cyberattack, which would make Change Healthcare the latest victim in a series of ransomware incidents, a growing number of them in the healthcare sector.
“People are just scrambling around trying to figure out what to do as far as getting the patients taken care of,” said Patrick Berryman, senior vice president of special projects and relationships at the National Community Pharmacists Association.
The Change Healthcare cyberattack has "touched every hospital in the United States one way or another, directly or indirectly," John Riggi, the American Hospital Association's national advisor for cybersecurity and risk, said Monday. Claims processing, payment reimbursement and pharmacy operations are affected, he said.
The AHA, which urged members to disconnect from Change Healthcare last week, wrote Health and Human Services Secretary Xavier Becerra Monday requesting federal assistance.
"This unprecedented attack against one of America’s largest healthcare companies has already imposed significant consequences on hospitals and the communities they serve," AHA President and CEO Rick Pollack wrote. "Although the full scope of the impact is still unclear, Change Healthcare’s vast nationwide reach suggests that it could be massive."
The incident is having an "immediate adverse impact on hospitals’ finances," Pollack wrote. "It is particularly concerning that while Change Healthcare’s systems remain disconnected, it and its parent entities benefit financially, including by accruing interest on potentially billions of dollars that belong to healthcare providers."
Hospitals and health systems such as NewYork-Presbyterian Hospital in New York City, New York-based Weill Cornell Medical Center, Froedtert and the Medical College of Wisconsin in Milwaukee, Pigeon, Michigan-based Scheurer Health, and Marshall, Michigan-based Oaklawn have reported difficulties.
"We have identified a solution that allows our pharmacies to resume close-to-normal operations at all locations. Most patients should not experience any significant delays at our pharmacy locations," a Froedtert and the Medical College of Wisconsin spokesperson said Monday.
In its letter, the AHA asks the Health and Human Services Department to provide guidance on how hospitals may request advanced and accelerated Medicare reimbursements, ease enforcement and evaluations of quality, safety, electronic prescribing and other standards, and advise hospitals on how the disruption may affect value-based care arrangements.
Pharmacies are trying workarounds, but risk billing and claims mistakes that could be costly, Berryman said. For example, a drugstore may unknowingly fill a prescription that required prior authorization, which could result in nonpayment, he said.
CVS Health activated continuity plans to limit disruption, a spokesperson said Monday. The Defense Department is filing prescriptions for military personnel, civilian employees and families manually, TRICARE said last week. Walgreens and the National Association of Chain Drug Stores did not respond to requests for comment.
“Pharmacies across the nation are reporting significant backlogs of prescriptions they are unable to process,” the American Pharmacists Association said in a news release Friday. “Pharmacists are working overtime to continue their work, to treat patients and to do this in as timely a fashion as possible,” the professional organization said.
OptumRx advised pharmacies to continue filling prescriptions using emergency protocols and said its pharmacy management systems can process offline claims, according to a notice sent to pharmacies Thursday. The National Community Pharmacists Association shared the document with Modern Healthcare.
Healthcare vendors have increasingly become targets for cyberattacks because they possess a wealth of patient information and are perceived as more vulnerable than large health systems and health insurance companies with more robust security.
"A lot of the risk we are exposed to in the healthcare sector comes from third parties," Riggi said. "We can spend our entire budget on cybersecurity but we're plugged into third parties who may not be as secure as us, and we have to depend on their technology."
UnitedHealth Group is evaluating the financial consequences of the cyberattack, the company notified regulators last week. Fitch Ratings does not anticipate it will have a material impact while Moody’s Investors Service declared it to be credit-negative for the company.