Thought Leadership Healthquake™: Crisis Management: Surviving the Change Healthcare Cyberattack

Thought Leadership Healthquake™: Perspectives on “Value” in Healthcare

by Michael N. Brown, CEO

In recent years, the world has witnessed a dramatic escalation in cyberattacks, with the healthcare sector emerging as a prime target. Among these attacks, the Change Healthcare breach that occurred on February 21, 2024, stands out as a potent example of the vulnerability of the healthcare infrastructure to malicious actors. If you are a medical billing company or a healthcare organization that relies on one to get paid, surviving an attack like this one requires key measures in place. In this installment of HealthQuake, we delve into the critical steps needed to navigate such crises.

As one of the largest healthcare technology companies globally, the Change Healthcare cyberattack sent shockwaves through the healthcare industry. To illustrate the extensive impact on the healthcare sector, consider these facts:

Change Healthcare touches 1 in every 3 patient records in the U.S.

  • In response to a recent AHA survey of hospitals with nearly 1,000 responses, 74% reported direct patient care impact.
  • 94% of hospitals reported that the Change Healthcare cyberattack was impacting them financially, with more than half reporting the impact as “significant or serious.”
  • 33% of survey respondents indicated that the attack has disrupted more than half of their revenue

As you can see above, not only did the attack compromise sensitive patient data, but it severely reduced cash flow, threatening the survival of healthcare organizations and compromising their ability to provide care. How did that happen? The data breach forced Change Healthcare to place an immediate halt to critical Electronic Data Interchange (EDI) services to healthcare providers and payers, many of whom were ill-prepared for such a disruption. The services that ceased operations on February 21, 2024, and continued to cease until March 15, 2024, included (but were not limited to) the following:

  • Patient Eligibility Checks
  • Prior Authorization of Services
  • Claim Submission
  • Claim Scrubbers, to ensure “clean claims” are delivered to payors
  • Payment Remittance
  • Patient Statements

If you were a healthcare organization that relied on Change Healthcare’s services to pre-authorize your services, or submit bills to insurance payors to get paid, and to receive those payments, as so many organizations do, how did you survive? Unfortunately, the answer in many cases is that you didn’t—or that you did, but just barely.

In the face of such a crisis, survival hinges on swift and decisive action in tandem with a backup plan. Technology serves us all and is crucial in medical billing. However, if an organization doesn’t have the knowledge, skills, and manpower to execute when technology fails, the organization will fail alongside the technology. Now that hackers have set their sights on the healthcare sector, the risk of a cyberattack decimating your organization’s finances is greater than ever.

In the case of the Change Healthcare response, successful medical billing organizations manually performed many functions to keep claim submission and collection operations flowing. This was done by:

  • Manually keying claims into payor portals
  • Utilizing client bank statements as notice of payment
  • Manually pulling payment remittance (EOBs) from payor portals
  • Printing and mailing patient statements

Who did all of this? People! If you didn’t have the setup or manpower to make it happen, or your manpower was not properly trained to execute, you were in serious trouble. Companies need to ensure that their employees know how to perform their job duties correctly even when the usual technology isn’t immediately available.

Organizations must adopt a proactive stance, anticipating and preparing for inevitable breaches or shutdowns. This entails a robust incident response plan, regular training and simulations, and continuous cost containment. Furthermore, surviving a cyberattack requires a holistic approach that extends beyond technical solutions and incorporates the human element. A blended approach—a strategic mix of technology and human capital—is essential.

The Change Healthcare cyberattack underscores the interconnected nature of cybersecurity risks. In an increasingly digitized healthcare ecosystem, vulnerabilities in one part of the system can reverberate across the entire network. By building resilience into their operations and communicating effectively with clients, organizations can better withstand tech outages and minimize their impact.

Are you, or your billers, prepared for the next tech shutdown?

1. American Hospital Association: Congress Urged to Help Hospitals Impacted by Change Healthcare Attack: