A crippling cyberattack on a major healthcare clearinghouse has thrown the U.S. healthcare system into disarray, leaving providers scrambling for cash and the government scrambling to provide relief.
In response to a two-week-old ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, the U.S. Department of Health and Human Services (HHS) has announced a series of measures to ease the financial strain on impacted healthcare providers. These measures are designed to address the disruption caused by the attack, which has hampered the flow of insurance payments and other critical financial transactions.
The HHS initiative includes:
Relaxation of Medicare Prescription Requirements: The Centers for Medicare and Medicaid Services (CMS) will assist providers in switching clearinghouses and provide guidance to Medicare Advantage and Part D plans to ease prior authorization requirements.
Recommendations for Medicaid and CHIP: Similar recommendations will be issued for Medicaid and Children's Health Insurance Program (CHIP) providers.
Expedited Payment Options: HHS will consider requests for accelerated payments from healthcare organizations, mirroring the approach taken during the COVID-19 pandemic.
Lawmakers and healthcare industry leaders have ramped up pressure on the government to address the deepening crisis. Concerns about financial viability have run high, with smaller providers facing the threat of closure and staff furloughs.
Molly Smith, Group Vice President for Public Policy at the American Hospital Association, emphasized the urgency of ensuring financial stability: "The healthcare system needs certainty that the cash needed to finance patient care is going to flow."
Senate Majority Leader Chuck Schumer (D-NY) sent a letter to CMS Administrator Chiquita Brooks-LaSure, urging decisive action to prevent the attack from jeopardizing "the financial stability of healthcare providers and even critical care to patients across America."
The attack on Change Healthcare, which handles a substantial portion of medical insurance billings and payments, has had a significant impact on healthcare providers nationwide. Hospitals, pharmacies, clinics, and other entities have struggled to submit bills and receive payments, jeopardizing their financial viability.
Optum, in an attempt to address the immediate cash flow issues, offered loans to affected providers. However, the program has been met with criticism due to limitations in its scope and terms.
Many smaller providers have found the loan amounts offered by Optum to be insufficient to adequately address their financial needs. Diana Holmes, a clinical social worker in Massachusetts, was offered a loan of only $20 despite having around $4,000 in unpaid billings.
The American Hospital Association raised concerns about the terms of the loan agreements, citing a lack of consideration for the full range of payments received by providers and the inclusion of clauses deemed overly broad and potentially onerous.
Dr. Seth Eappen, head of a psychiatry practice in Illinois, shared the personal ramifications of the attack. He has had to liquidate personal assets to keep the practice afloat and was offered a meager $190 through Optum's loan program, falling far short of their actual needs.
While the government's intervention and Optum's loans offer some temporary relief, the healthcare system faces a long road to recovery. Continued collaboration between the government, the healthcare industry, and cybersecurity experts is crucial to address the long-term consequences of this attack and prevent similar incidents in the future.
