$1 Billion a Day: Unpacking the Financial Aftershock of the Change Healthcare Cyber-Attack

The fallout of the recent cyber-attack on UnitedHealth’s Change Healthcare is only getting worse, with the attack costing service providers nearly $1 billion a day, according to recent reports.

Change Healthcare is one of the largest vendor claim processing networks in the world, managing 1 of every 3 U.S. patient records and processes nearly 15 billion transactions per year. Which means the attack impacted not only the data of exposed patients, but also their ability to access medical care and prescriptions.

The attack also systemically shutdown insurance, billing, payments and prescriptions for network providers, essentially shutting down their revenue pipeline and cash flow, forcing healthcare providers to explore every possible financial avenue to keep their doors open.

Due to its massive scale, many consider the attack on Change Healthcare to be one of the most devastating and disruptive cyber-attacks on the healthcare industry to date.

How Severe is the Financial Impact of the Change Healthcare Cyber-Attack?

Although it’s been a few weeks since the initial report of the attack, the disruption to providers' financials is still at emergency levels. Because of an inability to process insurance claims or payments, many network providers must borrow money simply to make payroll or rent.

Brad Larsen, a psychologist and founder of Portland Mental Health & Wellness in Oregon, said the outage has caused a three-week gap in cash flow, forcing the practice to borrow nearly $300,000 to meet monthly payroll.

The idea that healthcare organizations and providers are nearly out of cash within a few weeks may seem absurd to patients who endure ever-increasing costs of care. However, this attack has shown how fragile the healthcare revenue cycle can be.

The financial impact has reached such levels that the federal government is now involved, announcing an emergency funding program (CHOPD) for providers and issuing a poignant letter to UnitedHealth group with strong recommendations for how to support impacted parties.  

UnitedHealthcare did announced a temporary funding assistance program for providers on their Information on the Change Healthcare Cyber Response page as well.

The Human Impact of the Change Healthcare Cyber-Attack

Besides the financial impact to healthcare providers, the attack is more importantly creating concerns for the health and wellbeing patients. Aside from potentially exposing personal and private data (which has not been confirmed as of this article), for many, this attack has added more red tape to an already convoluted insurance process.

Despite providers offering workarounds for network members to access medical services and prescriptions through alternative clearing houses, both providers and patients are still reporting issues obtaining necessary medical care due to the complications from the attack.

In one instance, a parent in Utah reported nearly running out medication to manage her teenage daughter’s rare genetic syndrome. After spending hours on the phone with both her pharmacy and insurance, she was able to get the medication last minute – and if they hadn’t sorted out the insurance issues, she would have been stuck with a $1,000 bill.

Change Healthcare System Cyber Attack Restoration Timeline

According to their website, Change Healthcare is still working aggressively to restore their systems and has provided a timeline estimating system functionality and availability. The timeline is copied below:

• Pharmacy services: Electronic prescribing is now fully functional, with claim submission and payment transmission also available as of today. We have taken action to make sure patients can access their medicines in the meantime, including Optum Rx pharmacies sending members their medications based on the date needed.
• Payments platform: Electronic payment functionality will be available for connection beginning March 15.
• Medical claims: We expect to begin testing and reestablish connectivity to our claims network and software on March 18, restoring service through that week.

But even if they meet the mid-March timeline, network providers still face an uphill challenge catching up from the outage. Experts believe that once systems are back online, it could take months to sort out patient eligibility and claims, and providers may potentially need to hire additional staff to handle the extra administrative burden.

Ransomware and the Healthcare Industry

While details on the attack are still minimal, the notorious BlackCat/ALPHV has claimed responsibility for this attack, and there are reports of a $22 million ransom , paid on March 1^st in connection to the attack.

And with lawsuits already piling up and providers announcing their departure from UnitedHealth’s Change Healthcare network, the reality is that this systemic attack will not be an isolated incident.

In fact, ransomware attacks on the healthcare industry are lucrative business for threat actors due to the trove of financial and patient data, the scope of disruption, the human factor and the fact that the industry as a whole lacks strong cybersecurity protection. That’s why it’s no surprise that ransomware attacks in the healthcare sector nearly doubled in 2023 from 2021.

What Can Healthcare Organizations Learn from the Change Healthcare Attack?

The Change Healthcare attack should act as a wake-up call for healthcare organizations about the importance of investing in strong cybersecurity measures, the fragility of the healthcare industry framework and the importance of third-party risk management.

More specifically, attacks like this one highlight the importance of business contingency plans, Active Directory’s role in network protection, payment portal access management, contingency planning and finding the right cybersecurity partner for your organization.

If you have any questions related to the Change Healthcare attack or concerns about your organization’s cybersecurity posture, please reach out to our team at [email protected].

Related Links

• United Health – Information on the Change Healthcare Cyber Response
• Fact Sheet – CHOPD Accelerated Payments to Part A Providers and Advance Payments to Part B Suppliers

About Schneider Downs Cybersecurity

The Schneider Downs Cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind. 

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe. 

To learn more, visit our dedicated Cybersecurity page.