How to resolve outstanding claims from the Change Healthcare cyber attack

In recent years, cyber attacks have become increasingly prevalent and sophisticated, posing a significant threat to organizations across various industries. One such attack that has garnered attention is the Change Healthcare cyber attack, which has had a profound impact on healthcare providers. This article aims to offer guidance on how to respond and mitigate the damage.

Key Takeaways

• Understanding how the Change Healthcare cyber attack has impacted healthcare providers
• Steps to resolve outstanding claims impacted by Change Healthcare’s outage
• Evaluating your organization’s cybersecurity
• Financial compensation for damages

Understanding the Change Healthcare cyber attack and its impact on healthcare providers

The Change Healthcare cyber attack occurred when hackers gained unauthorized access to the company’s systems, compromising sensitive data belonging to healthcare providers. This breach exposed patient information, including personal and medical records, putting individuals at risk of identity theft and other malicious activities. The impact on healthcare providers was significant, as they were left grappling with the aftermath of the breach, including potential legal and financial consequences.

The consequences of the cyber attack on healthcare providers are far-reaching. There was the immediate disruption caused by the breach itself, which led to downtime and loss of productivity as systems were shut down and investigated. Furthermore, there are still payers working to issue remittance for claims impacted by the Change Healthcare shutdown. 

A survey conducted by the American Medical Association (AMA) showed the extent of the damage. In percentage of surveyed practices affected:

• 36% have seen claims payments suspended
• 32% have not been able to submit claims
• 77% of respondents said they experienced service disruptions
• 80% of providers said they lost revenue from unpaid claims
• 78% lost revenue from claims that they have been unable to submit
• 55% have used personal funds to cover expenses incurred as a result of the attack

In the survey, some practitioners shared their pain in words, in comments such as “This cyberattack is leading me to bankruptcy, and I am just about out of cash.” Other respondents said, “This crippled our brand new practice. I am keeping the lights on using personal funds.” Another practitioner said that the incident may bankrupt their “practice of 50 years” in a rural community.

Steps to take to resolve outstanding claims with payers impacted by the Change Healthcare cyber attack

1. Consistency is key. Follow-up regularly and diligently on any open claims from mid January through mid March.
2. You will find quite a few claims are not on file. Even though your clearinghouse may not have been impacted, MODPractice has discovered any payers that were using Change Healthcare for processing during that time have a “no claim on file rate” of 50-75%.
3. Resubmit the claim via portal or email if those options are available. Claims submitted via portal are typically processed within 24-48 hours. Guardian has been very responsive to claims via email in an effort to get their processing back on track.
4. Some EOBs are still not availbable. There are numerous payers of all sizes that have sent claim payments but the EOBs are not accessible for posting. In some instances, you can call the payer and they will be able to provide at least the patient names that were paid on that remittance and in some instances, can provide verbal line by line payment detail. 

Evaluating your organization’s cybersecurity measures and implementing improvements to prevent future attacks

In light of the cyber attack, healthcare providers must re-evaluate their existing cybersecurity measures and identify areas for improvement. We’re all vulnerable. This involves conducting a comprehensive assessment of current systems, policies, and procedures to identify vulnerabilities and gaps in security.

Healthcare providers should consider engaging external cybersecurity experts to conduct a thorough audit of their systems and provide recommendations for improvement. This may include implementing multi-factor authentication, regularly updating software and security patches, conducting regular employee training on cybersecurity best practices, and establishing incident response plans.

Seeking financial compensation for damages incurred as a result of the cyber attack

Healthcare providers may be entitled to seek financial compensation for damages incurred as a result of the cyber attack. This may include costs associated with investigating and remediating the breach, as well as any financial losses resulting from reputational damage or legal proceedings. 24 class action lawsuits have been filed against Change Healthcare in response to the cyber attack: 11 by payers and 13 by individuals.   

To seek financial compensation, healthcare providers should consult with their legal team to determine the appropriate course of action. This may involve filing insurance claims, pursuing legal action against the perpetrators or third-party service providers, or engaging in settlement negotiations. It is important to gather evidence and documentation to support the claim and work closely with legal experts who specialize in cybersecurity litigation.

Need help recovering your payments?

MODPractice has helped numerous offices and groups recover outstanding payments delayed by the Change Healthcare cyber attack. Shoot us an email if you need assistance! info@modpractice.com