Change Healthcare , one of the largest health payment processing companies in the world, was affected by a ransomware attack on Feb. 21.
The company acts as a clearinghouse for 15 billion medical claims each year, accounting for nearly 40% of all claims, according to the House Committee on Energy and Commerce.
The ransomware affected pharmacies across the nation, including household names like CVS Health and Walgreens, causing a significant backlog of unprocessed prescriptions, according to an alert from the New Jersey Cybersecurity and Communications Integration Cell.
In addition, hospitals unable to process claims lost millions of dollars. Asurvey by the American Hospital Association found 94% of hospitals experienced a financial impact from the attack, with more than half calling the impact “significant” or “serious.”
More than 80% of hospitals reported the cyberattack affected their cash flow, and of those, nearly 60% said more than $1 million in revenue was affected each day, it said.
A Temporary Funding Assistance Program was launched to help struggling providers. The company said that “as of October 15, recipients of program funding have repaid $3.2 billion.”
The cyber attack also compromised the personal health data of at least 100 million people — nearly one-third of Americans — making it the largest healthcare data breach in history, according to a breach report filed with the Office for Civil Rights, under the U.S. Department of Health and Human Services.
The Office of Civil Rights issued a letter in March to healthcare providers warning that the incident was “disrupting health care and billing information systems nationwide.”
“The incident poses a direct threat to critically needed patient care and essential operations of the health care industry,” the office said.
An investigation into the cyber attack, as well as whether Change Healthcare and UnitedHealth violated any patient privacy laws, is ongoing.
“We continue to notify potentially impacted individuals as quickly as possible, on a rolling basis, given the volume and complexity of the data involved and the investigation is still in its final stages,” United Health said in a statement.
Any New Jersey residents who think they may have been impacted are eligible for free credit monitoring and identity theft protections for two years. Consumers can enroll in the service at www.changecybersupport.com or by calling 1-888-846-4705.
Ransomware and hacking are major threats in the healthcare industry. Since 2023, health plans and business associates have accounted for approximately 49% of the 100 largest data breaches, according to the U.S. Department of Health and Human Services.
“The Change Healthcare attack offers a case study of the acute impact on patients, physicians, hospitals, pharmacies, labs and countless additional health care professionals,” Dr. James L. Madara, American Medical Association Executive Vice President and CEO, wrote in a letter to the U.S. Department for Homeland Security’s Cybersecurity and Infrastructure Security Agency.
“As a nation, we need to do better to protect our infrastructure, technologies, and systems from threat actors that seek to exploit our sensitive health care data, abuse the vulnerabilities of under-resourced populations, and promote widespread disruptions across the health care industry,” Madara wrote.
©2024 Advance Local Media LLC, Distributed by Tribune Content Agency, LLC.
