According to a study published by the American Hospital Association, 94% of hospitals have experienced failure due to Change Healthcare cyberattacks. Jackson Health System in Miami was among the hospitals affected.
UnitedHealth disclosed nearly a month ago that cyber attackers had compromised part of Change Healthcare's information technology network. Change Healthcare provides e-prescription software and tools for payment management, but the disruption has left many providers temporarily unable to refill medications or receive reimbursement for services from insurance companies. I did.
Mary Mayhew of the Florida Hospital Association said, “If hospitals do not receive a paycheck for the services they provide, doctors, nurses, “This will impact our ability to pay other staff.” President and CEO.
FHA represents more than 200 hospitals in Florida and provides services and support focused on advancing health care policy at the state and federal levels. The association will also act as a convener to support best practices, quality improvement and response to emergencies such as this cyber attack.
Jackson Health System and its IT department were notified of the attack on February 20 and immediately cut off all access to the Change Healthcare team and disconnected software purchased from the organization.
“We had no idea what was going on on their end,” said Miriam Torres, Jackson Health System's chief revenue officer. They were able to easily access our systems through the . “IT has a set of protocols and all they do immediately is remove access.”
At this time, there are no effects on patients. The current impact is on the payer side, which is unable to process hospital claims. Over time, weeks' worth of insurance claims pile up, and Mayhew said the attack is expected to leave the hospital billions of dollars in debt.
But Torres said “we should all be concerned.”
“While this is an issue that is having a significant impact on health care across the country, everyone should be concerned about the potential financial impact this could have,” she said. Works without payment. ”
Mayhew said cybercriminals' ability to hack into the Change Healthcare system reveals the fragile state of the country's healthcare infrastructure.
“One of the biggest concerns is the fact that these cybercriminals were able to successfully attack the nation's largest health insurance company, which has undoubtedly spent tens of millions of dollars on cybersecurity. I was vulnerable,” Mayhew said. “That means it's not a matter of if it will happen again, but when it will happen again.”
FHA has so far continued to maintain access to care, but “as a country and as a state, we need to come together and look at ways to strengthen our various systems,” Mayhew said. do.
Jackson Health System does not know when this situation will end. Torres said Change Healthcare is slowly restarting its systems.
“They're not just launching the whole system at once, they're launching tool by tool,” Torres said. “We have billing tools, we have processing tools, we have payment tools, but not all of them are up and running yet.”
UnitedHealth, which provides health care to 152 million people, did not say what data was compromised in the attack or whether it worked with cyber attackers to restore its systems. The company said it is working closely with law enforcement and third parties, including Palo Alto Networks and Google Cloud's Mandiant, to assess the breach.
“We are awaiting a meeting with Change Healthcare IT leadership and Jackson IT leadership to share further information,” Torres said.
UnitedHealth Group announced Monday that it has paid more than $2 billion to assist healthcare providers affected by the cyberattack on its Change Healthcare subsidiary.
According to the AHA study, more than 60% of the 1,000 hospitals surveyed estimated the revenue hit to be about $1 million per day. Responses were collected from March 9th to March 12th.
“We urge Congress and the administration to take additional steps now to help providers deal with the significant impact of this historic attack,” AHA CEO Rick Pollack said in a release. I will continue to urge them to take action.”
The Biden administration announced Wednesday that it had opened an investigation into the company due to a “cyberattack of unprecedented scale.”
The U.S. Department of Health and Human Services Office for Civil Rights is investigating. OCR enforces the Health Insurance Portability and Accountability Act's security, privacy, and breach notification rules, and most health insurance plans, providers, and clearinghouses are required to protect health information. This must be followed.
