Washington
CNN
—
A week after a cyberattack disrupted insurance processing at pharmacies across the U.S., health care professionals from Maryland to New York tell CNN that the hack could continue to disrupt business and reduce revenue. He said there is.
Laeya Disney, a psychotherapist who works with trauma survivors in Maryland, said she worries that if the billing suspension lasts longer, “I'm at risk of having to give up my office space.”
“I started billing manually and I'm praying that it gets paid,” Disney told CNN.
Purvi Parikh, an allergist who practices in New York, said the hacking incident “poses an additional burden on medical practices, hospitals, and pharmacies that are looking for alternative ways to submit insurance claims and fill prescriptions.” ” he said. ”
Parikh said he has not been able to file a claim with his insurance company for a week.
This is all part of the fallout from the cyber attack that hit Change Healthcare a week ago. Change Healthcare is a division of UnitedHealth, a medical technology giant that processes insurance prescriptions for tens of thousands of pharmacies across the country.
Some healthcare providers are losing more than $100 million a day due to the outage, said Carter Groom, CEO of Health First Advisory, a cybersecurity firm that serves major healthcare institutions as clients. It was estimated that there was.
“That's not sustainable in an industry where there's not a lot of cash on hand,” Groom told CNN.
“This is our colonial pipeline,” he said. A 2021 ransomware outbreak on one of the largest pipelines in the U.S. disrupted fuel shipments for several days, and ransomware threatened national security. I mentioned the above concerns that have taken hold in the minds of senior US officials.
Elevance Health, which owns Anthem Blue Cross and Blue Shield and insures millions of Americans, said it was hacked and decided to change its services to Change Healthcare “out of an abundance of caution.” The company lost network connectivity, Elevance spokeswoman Leslie Porras told CNN in an email.
“Our members' ability to access medical care and services or fill prescriptions will not be affected,” Porras said.
Change Health Care said its affected networks were still offline as of Wednesday morning. Company spokesman Tyler Mason said claims submissions have returned to “pre-disruption levels” as providers are using “alternative clearinghouses” to submit claims. He said there was.
Mason said doctors and patients can use these workarounds to address the problems described by Parikh and Disney.
“Since identifying the cyber incident, we have been working closely with our customers and clients to ensure people receive the medications and care they need,” Mason said in an email.. “As we remediate, the most affected partners are those who have been disconnected from the system or who have chosen not to implement workarounds. ”
But confusion persists among some medical experts about how to adapt to the situation.
Amy Cizik, a medical researcher in Utah, has been trying for days to get her insurance processed through a pharmacy in Salt Lake City. Cizik told CNN that her 16-year-old daughter has a rare genetic syndrome and that she takes multiple medications to manage the symptoms associated with the syndrome.
“She needs that medication to function well in school and to function well in our home,” Cizik said.
Because his medication ran out, Cizik said he spent an hour on the phone Tuesday trying to resolve the situation. Her pharmacy turned her over to her insurance company, which transferred her to another company that handles prescription drug benefits on their behalf.
No one could solve the problem, she said.
“As someone who has a child with a chronic illness and requires multiple prescriptions and works full time, taking care of her is a completely different job,” she said. “And this just adds to that.”
Cizik said the pharmacy was finally able to process her insurance Wednesday morning, narrowly avoiding paying $1,000 for over-the-counter medication.
Senior U.S. cyber officials have been concerned about a cyberattack from the moment news of the hack broke. Officials from the FBI, the Department of Health and Human Services (HHS), and the Department of Homeland Security have been on regular calls for several days trying to resolve the issue, CNN previously reported.
HHS Deputy Secretary Andrea Palm told CNN on Tuesday that the department remains in close contact with Change Healthcare as it works to restore its network.
Forensic evidence recovered in the investigation points to a prolific ransomware group as being responsible for the hack, according to a private briefing by Change Healthcare executives to other healthcare executives. Two people familiar with the matter told CNN.
Ransomware gangs, including Russian-speaking cybercriminals, rent so-called malicious software known as ALPHV or BlackCat. Hackers using the malware claim to have carried out numerous attacks against U.S. universities, healthcare providers, and hotels over the past 18 months. On Wednesday, a ransomware gang claimed responsibility for hacking Change Healthcare and listed the company as a victim on its dark website.
Reuters first reported on the connection between ALPHV ransomware and the Change Healthcare hack.
In December, the Justice Department announced an operation targeting the ALPHV gang, seizing some of its computer infrastructure. But deep-pocketed cybercrime groups often bounce back from crackdowns by U.S. law enforcement.
As of Tuesday afternoon, the American Hospital Association (AHA), a trade group that represents thousands of hospitals and clinics across the country, said its members were still reporting cyberattacks disrupting the processing of insurance claims. said John Rigi. AHA's National Advisor on Cybersecurity and Risk told CNN.
“This was a coordinated attack,” Rizzi said. “This wasn't just an attack on Change Healthcare. This was an attack on the entire medical field.”
