Add mergers and acquisitions to the list of things the Change Healthcare cyberattack has disarrayed.
Healthcare deals are on the rise. But the ransomware attack against the UnitedHealth Group division has already caused dealmakers to more intensely scrutinize cybersecurity vulnerabilities and to consider the financial damage potential targets have endured, according to attorneys who specialize in M&A.
Related: UnitedHealth urges Change customers to reconnect to restored systems
Hospitals, pharmacies, nursing homes and other providers are still dealing with kludgy workarounds and delayed reimbursements that have disturbed balance sheets and increased uncertainty around transactions. Cybersecurity and data risk assessments are likely to be emphasized more greatly during due diligence and antitrust reviews, the attorneys said.
Complicating deals in progress
The ongoing financial harm is posing challenges for mergers and acquisitions currently in the works, said Robert Miller, a partner at Hooper Lundy & Bookman who specializes in healthcare corporate and regulatory issues. And these companies are accumulating unpaid claims and borrowing to cover short-term needs in the meantime.
“We’re going into a transaction with my client carrying multiple times what they would typically carry in accounts receivable dollars,” Miller said.
This introduces additional financial risk for sellers and buyers alike, Miller said. When considering a target experiencing cash flow problems, acquirers face a choice between assuming responsibility for the financial situation or renegotiating agreements in process, Miller said.
“[Sellers] are pretty nervous,” Miller said. "They're not getting paid, and now they are being asked to just trust that they will get paid in the future. They’ve got to trust their payers, they’ve got to trust their billing company. And now, they also have to trust the buyer because the buyer is going to be holding the purse strings, and they're going to have a lot of leverage.”
Despite these challenges, so far transactions seem to be advancing without delay, said John Fanburg, chair of the health law group at Brach Eichler.
In the future, however, companies exploring M&A may contemplate clauses that dictate terms when similar breaches occur before transactions are complete, Miller said.