On February 21, 2024, Change Healthcare was hit by a ransomware attack from the group BlackCat/ALPHV, crippling one of the top U.S. healthcare transaction processors. The attack immediately halted claim submissions for physician practices, hospitals, and pharmacies, causing widespread operational and financial challenges.
By April 1, six weeks later, only $3 billion of the $14 billion in pending customer revenues had been processed, significantly affecting practices that depend on timely reimbursements. This prolonged downtime led to severe service interruptions, impacting patient care, claims processing, and the financial stability of healthcare providers.
According to an AMA survey conducted by the Federation of Medicine from March 26 to April 3, 2024, involving over 1,400 respondents primarily from practices with fewer than 10 physicians, the cyberattack had devastating effects:
- 80% of practices reported lost revenue from unpaid claims.
- 85% had to allocate additional staff time and resources to manage revenue cycle tasks.
- 78% lost revenue due to the inability to submit claims.
- 51% faced revenue losses from not being able to charge patient co-pays or fulfill remaining obligations.
The attack underlined the critical reliance of the healthcare system on digital infrastructure and the significant consequences of its failure, with the American Hospital Association noting that 15 billion healthcare transactions were disrupted, affecting one in every three patient records in the U.S.
Lessons Learned and Preventive Measures
This event highlights the vulnerabilities of healthcare’s digital infrastructure, emphasizing the need for strong cybersecurity and proactive measures to maintain service continuity during such incidents. Here are a few recommendations for private practices:
Use a Billing System with Clearinghouse Redundancy: Practices should adopt billing systems that offer redundancy by integrating with multiple clearinghouses. This ensures that if one system goes down, another can take over, minimizing disruption to operations and revenue flow.
Implement Business Contingency Plans: The Change Healthcare cyberattack highlights the urgent need for private practices to have contingency plans for operational disruptions:
- Sending Claims on Paper: Prepare to process and send claims manually if digital systems fail.
- Utilizing Payer Portals: Train staff to submit claims through payer portals when automated systems are unavailable.
- Engaging Short-Term Billers: Identify and connect with billing professionals available for immediate short-term engagement during crises.
- Securing Short-Term Loans: Establish quick-access short-term loan agreements with financial institutions to manage cash flow during reimbursement delays.
Data Backup: Always maintain up-to-date backups of all critical data. This step is essential not just for operational continuity but also for recovery after any data loss incident.
Securing Access to Payer Portals: To manage claims effectively, even during an attack, implement multifactor authentication (MFA) and use encrypted VPN connections for secure data transmission to and from payer portals. Conduct regular audits and access reviews to ensure only authorized personnel can access these portals, minimizing the risk of internal breaches. Train employees to recognize phishing and other social engineering attacks to prevent credential theft.
Additionally, maintain an updated list of your top payers and identify the account holder for each payer website. Ensure that access to each payer portal is clearly understood and can be executed without the account holder present. This readiness ensures continuous operations regardless of individual availability.
Investing in Cybersecurity Protection: Allocate resources towards advanced ransomware defense mechanisms to detect, prevent, and respond to attacks promptly. Use security programs such as Norton or McAfee to detect ransomware and other malware before it can encrypt data or spread across the network.
By addressing these areas, healthcare organizations can significantly improve their resilience against cyberattacks, ensuring continuous and secure operations even in the face of evolving threats.
The Importance of Backup Systems and Options
A critical lesson from this attack is the danger of relying on a single clearinghouse for claim processing. This reliance became a significant vulnerability when operations were disrupted, putting revenues at risk. In response, Populate has taken proactive steps to ensure that such a dependency does not compromise our clients’ operations in the future.
Here are some key measures taken by Populate EMR:
Multiple Clearinghouse Integration: Populate was the first EMR company to establish clearinghouse redundancy in the wake of the Change Healthcare outage. This ensures that our clients have alternatives if one system is compromised. Redundancy is crucial for maintaining revenue flow and operational continuity.
Robust Claim Status Investments: Submitting across clearinghouses requires a robust investment in claim-status finding technology. Our team worked diligently to integrate this new process, ensuring timely and accurate claim status updates for our users.
EDI Downtime Solutions: With electronic data interchange being temporarily down, Populate provided a stopgap solution by enabling the preparation of paper claims with a single click. This functionality ensured that practices could still process their most critical claims during the outage.
Commitment to Security: Populate upholds security standards on par with industry leaders like Microsoft. We prioritize protecting our clients’ data through rigorous security measures, ensuring the safety and integrity of their information against cyber threats.
Populate’s swift adaptation to the Change Healthcare incident highlights our commitment to our clients’ security and operational resilience.
Conclusion
The Change Healthcare hack served as a stark reminder of the vulnerabilities inherent in the healthcare sector’s reliance on digital infrastructure. This incident highlighted the critical need for robust cybersecurity measures and the importance of maintaining flexible, resilient systems to ensure operational continuity and safeguard sensitive patient data.
The proactive measures taken by Populate, including the integration with multiple clearinghouses and the swift adaptation to alternative processes, exemplify the type of resilience and flexibility that is crucial for the healthcare industry. Such strategies not only protect against financial and operational risks but also uphold the commitment to patient care in the face of adversity.