Change Healthcare, a subsidiary of global healthcare company UnitedHealth Group, has been involved in an unprecedented ransomware attack that has caused severe cash flow problems for healthcare providers, threatened access to healthcare, and leaked confidential information to the dark web. Nine months after receiving it, I had my medical billing service restored.
Change Healthcare, one of the world's largest healthcare payment processing companies, was affected by a ransomware attack on February 21st.
The company acts as a clearinghouse for 15 billion medical claims each year, accounting for nearly 40% of all claims, according to the House Energy and Commerce Committee.
The ransomware affected pharmacies across the United States, including big-name stores like CVS Health and Walgreens, and caused a large backlog of unfilled prescriptions, according to a warning from the New Jersey Cybersecurity and Communications Integration Cell.
Additionally, hospitals that were unable to process claims lost millions of dollars. According to a survey by the American Hospital Association, 94% of hospitals experienced a financial impact from the attack, with more than half calling the impact “severe” or “severe.”
More than 80% of hospitals reported a cyber attack that impacted their cash flow, with nearly 60% saying their revenue was impacted by more than $1 million per day.
A temporary financial assistance program has been launched to assist providers facing hardship. “As of October 15, recipients of program funds have repaid $3.2 billion,” the company said in a statement.
The cyberattack also compromised the personal health data of at least 100 million people (nearly one-third of Americans), making it the largest health data breach in history, according to a breach report filed with the U.S. Department of State's Office for Civil Rights. It is said that it became. Health and welfare services.
In March, the Office for Civil Rights warned in a letter to health care workers that the incident was “disrupting health care and billing information systems across the country.”
“This incident poses a direct threat to vital patient care and the critical operations of the healthcare industry,” the office said.
An investigation into the cyberattack and whether Change Healthcare and UnitedHealth violated patient privacy laws is ongoing.
“Given the volume and complexity of the data involved, we continue to regularly notify potentially affected individuals as soon as possible and the investigation is still in its final stages,” United Health said in a statement.
New Jersey residents who believe they may have been affected can receive two years of free credit monitoring and identity theft protection. Consumers can register for the Service at www.changecybersupport.com or by calling 1-888-846-4705.
Ransomware and hacking are major threats in the healthcare industry. According to the U.S. Department of Health and Human Services, health plans and business associates account for approximately 49% of the 100 largest data breaches since 2023.
“The Change Healthcare attacks provide a case study of the severe impact on patients, physicians, hospitals, pharmacies, laboratories, and countless other healthcare professionals,” said the American Medical Association Executive Vice President and CEO. ) says Dr. James L. Madara in his paper. Letter to the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency.
“As a nation, we must protect our infrastructure, technology, and systems from attackers who seek to misuse sensitive health data, exploit the vulnerabilities of under-resourced populations, and promote widespread disruption across the health care industry. We need to do better to protect them,” Madara wrote.
Support the local journalism you rely on by subscribing today.
Contact Jackie Roman at jroman@njadvancemedia.com.
