Skip to content

Mitigating the Revenue Cycle Impacts of the Change Healthcare Cyberattack

An abstract image featuring computer code and technical jargon
| August 14, 2024

Mitigating the Revenue Cycle Impacts of the Change Healthcare Cyberattack

The explosion of healthcare technology utilization over recent years has inevitably led to the rise of rampant cyberattacks. From 2018 to 2022, the number of healthcare data breaches skyrocketed by 93%.1 However, the worst was yet to come. In early 2024, the industry suffered a data breach on an unprecedented scale, generating a disastrous chain of events that threatened the financial viability of countless providers across the country.

The Change Healthcare Cyberattack: An Overview

On February 21, 2024, what can only be described as one of the most catastrophic healthcare disruptions shook the financial foundation of thousands of hospitals and medical practices. Change Healthcare, a subsidiary of UnitedHealth Group (UHG) — the largest healthcare organization in the country — suffered a major cybersecurity attack that forced the network to shut down operations across 111 services. Claims processing came to a screeching halt for 1 million physicians, 6,000 hospitals, and 2,400 payers. These providers could no longer access eligibility verification, claims submission, electronic remittance advices (ERAs), claim status, payment processing, or Change pharmacy and prescription services.

The impact has been devastating. According to one nationwide hospital survey:2

  • 94% were financially affected by the cyberattack
  • Almost 60% said the breach cost them $1 million each day or more
  • 74% report the data breach impacted patient care

With one in three patients impacted by the cyberattack and subsequent shutdown of Change Healthcare, it was up to revenue cycle management (RCM) firms like Med USA to scramble to find solutions to close the widening gaps in cash flow.

How Med USA Rapidly Restored Claim Submission and Payment Posting

After learning about the cyberattack, Med USA immediately went to work to protect many of our clients from the potential financial impacts of this breach. Staying in close communication with both Change Healthcare and our software vendor partners, we initiated alternative strategies for electronic claims submission, beginning with manual entry while our in-house engineering teams reworked our proprietary software around the disconnect. Within three days, we started submitting claims again — a significantly faster response than many other RCM companies with fewer in-house capabilities — while many practices waited to resume submissions until Change Healthcare fully restored its services.

In just 30 days, Med USA was able to revive the second process crucial to helping our clients maintain a steady cash flow: payment posting. By manually retrieving EOBs from payer sites, our team worked diligently to get every dollar possible back into our clients’ hands. Within one month, we achieved 83% of the prior monthly average benchmark for payment processing. This figure is a testament to our team’s agility, problem-solving, and deep commitment to our clients.

Looking Forward: How the Attack is Reshaping Cybersecurity for Healthcare Practices

It comes as no surprise that most of the industry is now overhauling its approach to cybersecurity — and Med USA is no different. We continue to work with a third party to ensure our cybersecurity adheres to the most stringent standards and best practices for healthcare fraud prevention. This includes around-the-clock monitoring of all systems and devices to close gaps in our network before they even open. By staying on the cutting edge of healthcare billing compliance and security, Med USA continues to provide the best possible protection against cyberattacks and data breaches, giving our clients peace of mind about their data, their patients, and their revenue.

Want to learn more about protecting your practice against the financial impacts of cyberattacks?

Talk to a Med USA representative today!


Sources

  1. Healthcare Sector Cybersecurity: Introduction to the Strategy of the U.S. Department of Health and Human Services. (2023). U.S. Department of Health and Human Services. https://aspr.hhs.gov/cyber/Documents/Health-Care-Sector-Cybersecurity-Dec2023-508.pdf
  2. AHA Survey: Change Healthcare Cyberattack Having Significant Disruptions on Patient Care, Hospitals’ Finances. (March 2024). American Hospital Association. https://www.aha.org/system/files/media/file/2024/03/aha-survey-change-healthcare-cyberattack-significantly-disrupts-patient-care-hospitals-finances.pdf