WORCESTER — When it rains, it pours. The old adage about bad things happening together may also apply to the medical industry.
They are plagued by soaring medical costs, a severe shortage of nurses and family doctors, and “boarding houses” where patients are stuck in emergency rooms and hospital hallways for weeks, waiting for a bed to become available. Let's not forget the Steward Healthcare financial crisis.
Now, there's another log in the troubled healthcare fireplace. It's a cyber attack.
It happened almost a month ago on February 21st. A ransomware attack has crippled Change Healthcare and is hurting many healthcare organizations across the country, including parts of Worcester.
One of them is Revidas on Grove Street. The company provides mental health counseling to more than 200 customers. Revidas relies on the smooth processing of insurance claims, payroll and expense payments. However, a cyber attack on Change, a subsidiary of UnitedHealth Group, halted the process.
Change Healthcare, the nation's largest claims and payment clearing house, receives claims from healthcare providers and sends them to insurance companies.
Levidas' monthly salary is about $50,000, and managing director Jeff Kushner said the company has continued to contact customers since the cyberattack, even though many insurance claims have not been recovered.
“The industry cannot continue like this,” Kushner said.
He said Levidus continues to see clients due to ethical obligations, but is concerned that some providers may suspend services until Change Healthcare returns to normal operations. Kushner said some health care providers may have to refuse patients on government insurance plans such as Medicare or Medicaid and accept only cash payments.
Mr. Kushner is in contact with banks about possible financing to cover Change's costs until it gets back on its feet. That could reportedly start from Monday, when the company plans to bring its payments platform back online. The company hopes to have its medical billing network fully operational by Wednesday.
“I don’t think it’s realistic.”
Some are skeptical that it will be achieved on time, believing it will take longer for insurance reimbursements to reach the pace they were before the cyberattack. Sergio Melgar, executive vice president and chief financial officer of Massachusetts Memorial Health, said Monday's return to normalcy “doesn't seem realistic.”
The University of Massachusetts has been unable to bill for most medical services since February 21, Melgar said, totaling $11 million in lost reimbursements per day. The health system utilized an $80 million loan facility to help meet its financial obligations. It also required upfront payments from some payers, including Medicare, Medicaid and private insurance companies.
Despite the financial turmoil, hospitals continue to see patients. UMass will check the reliability of Change Healthcare's systems to ensure they are secure and capable of protecting patient and facility data before reconnecting.
Cash advance required
Melgar said how well Massachusetts can withstand the financial storm will depend on whether it receives cash advances from Medicare, Medicaid and other payers.
Melgar said the federal government has authorized intermediaries to provide cash advances for up to 30 days. An intermediary has received approval to provide approximately $2 million to Harrington Hospital. Melgar expects another intermediary to provide cash advances to the health system's large hospitals, including Massachusetts Memorial Medical Center.
“Ideally, this will avoid a funding shortfall until system operations return to normal activity cycles,” he said.
Meanwhile, pharmacy is the most affected clinical area at UMass, with challenges in verifying patients' eligibility for prescriptions. Although prescriptions are filled using manual submission and the use of other software tools, the pharmacy situation remains a challenge, Melgar said.
Melgar said claims are being processed by Community Healthlink, which partners with UMass Memorial Health and provides mental health, substance use and homelessness services. This is happening because Community Healthlink is the smallest provider in his UMass Memorial system.
However, other departments at the University of Massachusetts have been unable to submit claims since Feb. 21, and Melgar explained that the hospital's billing is done on a 30-day cycle. He expects there will be a “significant funding shortfall” in March.
St. Vincent's Hospital declined to comment when asked whether the cyberattack had affected its financial and clinical operations.
Questions and federal investigations
This leak has raised many questions, including how it happened and what can be done to prevent further leaks. It also shines a spotlight on the private and public sectors, taking a hard look at their operations and considering what they can do to better protect sensitive personal and organizational information.
The U.S. Department of Health and Human Services Office for Civil Rights is investigating UnitedHealth Group. Federal authorities said the breach reached a level of “unprecedented scale.”
Closer to home, state Sen. Michael Moore, D-Millbury, co-sponsored a bill to modernize electronic systems against cybersecurity threats. The bill would create a Cybersecurity Management Board of public and private sector experts to establish basic protections against data breaches.
“Leaving it to the private sector to self-regulate doesn't work,” Moore said. To emphasize the need for lawmakers to pass this bill, Moore cited a study by the Massachusetts Health and Hospital Association that showed the scale of the cyberattack on Change Healthcare, which targets 12 hospitals and health systems in Massachusetts. It was revealed that approximately $24 million in redemption losses were occurring every day.
“The amount of money that has impacted our hospitals and our health care system is enormous,” Moore said.
Former Governor Charlie Baker signed an executive order in December 2022 that strengthens the state's ability to prepare for and respond to cybersecurity incidents. Mr Melgar said the world's electronic interconnection meant vigilance was needed to protect businesses and individuals from cybercrime.
A bigger crisis?
Mr. Kushner hopes that Change Healthcare will return to claims processing in a timely manner sooner rather than later. His company's reimbursements are down 85% so far this month, and while Kushner is optimistic that Levidus will remain in the health care market despite the challenges, other providers are not so lucky. Maybe.
“We hope to have the (Change Healthcare) system on by the end of next week. Otherwise, there will be a bigger crisis that could put other providers out of business.”
Contact Henry Schwan at henry.schwan@telegram.com. Follow him on Twitter @henrytelegram
