AMA: Physicians need financial help while awaiting Change Healthcare cyber fix

© beebright - stock.adobe.com

It may be the beginning of the end of financial delays caused by the cyberattack on Change Healthcare, according to the company.

But restoring ability to process medical claims on March 18 is a long delay hurting finances of physician offices, according to the American Medical Association (AMA).

This week, Change Healthcare parent UnitedHealth Group announced “substantial progress in mitigating the impact to consumer and care providers of the unprecedented cyberattack” on its computerized payment network.

“We are committed to providing relief for people affected by this malicious attack on the U.S. health system,” said Andrew Witty, CEO of UnitedHealth Group. “All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications. We’re determined to make this right as fast as possible.”

For pharmacy services, electronic prescribing became fully functional on March 7. Electronic payment functionality would be restored on March 15.

For medical claims, testing and reconnecting will start March 18, according to the company’s statement.

That means physician practices have dealt with significant financial disruptions for at least 26 days, said a statement from AMA President Jesse M. Ehrenfeld, MD, MPH. UnitedHealth Group announced the cyberattack on Feb. 21, and the company later revealed the hacker was the ransomware network known as ALPHV/Blackcat, also known as BlackCat.

Physicians need help

The doctors need financial help due to the delays, Ehrenfeld’s statement said.

“The prospect of a month or more without a restored Change Healthcare claims system emphasizes the critical need for economic assistance to physicians, including advancing funds to financially stressed medical practices,” he said.

“The AMA agrees with UnitedHealth’s call for all payers to advance funds to physicians as the most effective way to preserve medical practice viability during the financial disruption, especially for practices that have been unable to establish workarounds to bridge the claims flow gap until the Change Healthcare network is reestablished,” Ehrenfeld’s statement said. “While providing needed information on timelines and new financial measures is helpful, UnitedHealth Group has more work to do to address physician concerns. Full transparency and security assurances will be critical before connections are reestablished with the Change Healthcare network.”

Paying the ransom

This week, tech industry watcher Wired posted an article claiming Blackcat/ALPHV received $22 million via the online exchange Bitcoin. Then a hacker used to an online forum to claim Blackcat cheated them of their share of the ransom, citing the publicly visible transaction, according to Wired. Dmitry Smilyanets, a researcher for security firm Recorded Future, first spotted the transaction, according to Wired.

By March 5, it appeared Blackcat had disappeared, an “exit scam” that could lead to the hackers’ return as another online attack group, according to a Reuters news report.

Take ‘em to court

On March 7, industry watcher The HIPAA Journal reported on at least five class action lawsuits were filed in Tennessee and Minnesota over the cyberattack. “And that number is expected to grow considerably over the coming days, weeks, and months,” the report said.

Technically, Change Healthcare has not confirmed a data breach, the report said. But with the company processing about 15 billion health care transactions each year with protected health information of one in three Americans, “the data breach has the potential to be huge,” according to The HIPAA Journal.