Insurers criticized for profiting during Change cyberattack crisis, while providers struggle

Insurers Criticized for Profiting Amid Change Cyberattack Crisis

The House Subcommittee on Health and witnesses took aim at insurers on Tuesday for continuing to rake in profits during the Change cyberattack crisis, while hospitals and health systems face revenue losses and some physician practices teeter on the edge of bankruptcy.

Representatives called out UnitedHealth Group for its absence at the hearing on the Change cyberattack, with Rep. Cathy McMorris Rodgers, R-Wash., noting that the company chose not to make anyone available while holding its Q1 earnings call on the same day.

Witnesses at the hearing, titled “Examining Health Sector Cybersecurity in the Wake of the Change Healthcare Attack,” criticized insurers for their inflexibility in helping providers get claims paid. Despite providers being forced to submit paper claims after the cyberattack shut down Change’s electronic processing system, insurers made no accommodations to accept anything other than electronic payments.

Dr. Kimberly Merle Schrier, D-Wash., highlighted the struggles faced by Kittitas Valley Healthcare, a small rural hospital in Washington, which has only recouped 50% of their regular March receipts nearly two months after the attack. Many national commercial payers have refused to provide any flexibility, leaving hospitals to file claims manually while insurers sit on reimbursements.

John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, noted that other commercial payers are reluctant to provide advance payments, further exacerbating the financial strain on providers.

UnitedHealth Group has offered advance payments through a financial assistance program, but it has not been sufficient to meet the needs of providers, according to orthopedic spine surgeon Dr. Adam Bruggeman. Many providers have turned to Availity for claims processing as they navigate the aftermath of the cyberattack.

Hospitals were quick to identify issues with the claims system following the cyberattack, but communication from UnitedHealth Group was initially lacking, according to Riggi. While there is no confirmation of data stolen, the impact on patients’ personal health information remains a concern.

In response to the crisis, witnesses emphasized the need for Congress to address the root of the problem and provide resources to combat cyber threats. Greater transparency, information sharing, and federal support are essential to bolster cybersecurity in the healthcare sector.

As providers continue to grapple with the fallout from the Change cyberattack, the spotlight remains on insurers and their role in supporting the industry during times of crisis. The need for collaboration, flexibility, and proactive measures to safeguard healthcare data and financial stability has never been more critical.