Cyberattacks against healthcare companies in the United States are becoming more common. Last year, HCA Healthcare was hit with a data breach that caused the names, birth dates, email addresses, and other personally identifiable information for more than 11 million patients to be exposed. Both that year and a year prior, several other major healthcare agencies, including Regal Medical Group and Cerebral, were victims of similar breaches and cyber crimes.
Going into 2024, these attacks have continued. In February, UnitedHealth Group faced an attack that targeted Change Healthcare. Change Healthcare is a provider of healthcare billing and data systems in the United States.
The impact on the U.S. healthcare system cannot be overstated. According to a survey conducted by the American Medical Association on the topic, “restricted functionality since the cyberattack has resulted in: 36% of respondents reporting suspension in claim payment; 32% being unable to submit claims; and 22% being unable to verify eligibility for benefits. Practices of 10 physicians or less appear to be particularly hard hit.” These results come despite Change’s efforts to limit the impact of the attack.
Given this, both CMS and Optum, which too is under the UnitedHealth umbrella, are making efforts to provide cash assistance in the short term for those affected by the cyber attack.
In the case of Optum, the company has instituted a repayment program that offers funds on a weekly basis to eligible groups impacted by the attack. To see if a group is eligible for these repayments, they must simply sign up for, or log in to, OptumPay. From here, they will be given an amount for which they can be repaid.
If the amount is determined to be insufficient, the party has the option to apply for additional funds. These will be determined based on a group’s current weekly payments compared to their weekly payments before the attack, i.e. from early February.
Once this process has been completed, funds will be repaid 45 days after typical claim payments have been restored; further instructions regarding repayment will also be available at this time. These payments will be made without fees or interest.
This structured approach aims to alleviate the financial burden on affected groups while ensuring a smooth transition back to regular payment processing—a similar goal to the processes put in place by CMS.
CMS’ program offers a monthly payment to eligible clinical groups up to the amount of historical monthly payments from claims, calculated based on their historical payments during the period of August to October 2023. Following this payment, CMS will initiate the process of recouping the funds paid out over the subsequent 90-day period.
At this stage, if the clinical group is experiencing financial hardship and unable to fulfill the repayment within the designated time frame, they have the option to apply for an extended repayment schedule. However, if the repayment is not completed by day 121, interest begins to accrue on the outstanding balance.
For those who are still confused about CMS’ plan, the organization has released several resources that can be utilized to gain further knowledge about the topic, which can be viewed here and here.
On the patient side, there’s not much that can be done to protect oneself against these leaks and attacks. However, ongoing issues like these, and the disruptions they cause to the healthcare industry, show a major weakness in our country’s healthcare infrastructure.
While CMS’ and Optum’s efforts to mitigate the impact of an event like this are admirable, the possibility that this could happen again—and have significantly more dire consequences—is not only strong but, barring a major change in healthcare security infrastructure, likely. We can only hope that the industry sees this moment as a wake-up call in order for greater, more long-lasting action to be taken in this area.
Recent Comments