Last month’s massive cyberattack against a major health care system has forced millions of Americans to either stop taking their medications or pay exorbitant fees out of pocket.
The impact of the hack by the cyber gang BlackCat is so severe that hospital groups are urging the federal government to step in and provide expedited payments to doctors’ offices, pharmacies and other healthcare providers currently struggling to bill patients and receive payments.
Change Healthcare, a subsidiary of insurance giant UnitedHealth Group, processes billing claims and payments to insurers.
The ransomware attack on the company, which reportedly processes 15 billion claims totaling more than $1.5 trillion annually, affected nearly every aspect of its business.
The hack has left pharmacies unable to process insurance payments, forcing desperate Americans to hand over potentially thousands of dollars for drugs that would normally be covered by insurance and cost much less.
And people who rely on medications every day have detailed on DailyMail.com the trials and tribulations they endured to get their life-saving prescriptions.
The number of cyber attacks on healthcare providers has more than doubled since 2016: 91 per year in 2021 compared to 43 five years ago
Change Healthcare has launched a temporary financing program for providers struggling with cash flow after the cyber attack.
The program requires the money to be refunded and gave no indication of when the normal billing process would resume.
Optum Financial Services, through which the program is offered, said: “We have been able to estimate your average weekly payments, which will form the basis for the support.
“Our plan is to take this week by week, with people raising money each week as needs continue.”
But the American Hospital Association, a trade group representing nearly 5,000 health care systems, blasted the company for making the funding available only to an “extremely small” number of hospitals.
The group sent letters to leaders of Congress and the UnitedHealth group, urging both entities to do more.
In its communications with United, the group said the company’s temporary financing program was “not even a Band-Aid for the payment problems you identify.”
The AHA continued, “As you know, hospitals across America are typically reimbursed on a daily basis by health insurers who rely on Change Healthcare to both receive and pay claims.
“Every day that Change Healthcare’s core functionality goes down is a day that providers don’t receive the funding they need to pay doctors and nurses, purchase medical supplies, and keep complex facilities open to provide 24/7 patient care. ‘
The group also told Congress that the cyberattack was “the most significant cyberattack on the U.S. health care system in American history.”
And Democrats appear to agree with the federal government’s increasing payments to thousands of hospitals.
Senate Majority Leader Chuck Schumer said the delay in payments to health care providers is “costing hospitals across the country millions for every week this continues, and some people are even having trouble getting prescriptions from their local pharmacy.”
“We must provide our hospitals with the immediate relief they need so they are not forced to reduce patient care.”
Hospitals and physicians submit insurance claims to cover all or part of their patients’ care. But with the system in its current state, they can’t do that, which hurts their bottom line and ultimately the quality of care they can deliver.
For its part, UnitedHealth Group has not proposed a date for when the issues will be resolved.
Tyler Mason, UHG’s vice president of communications, told DailyMail.com: “We are focused on investigating and restoring operations at Change.”
But patients have described a frustrating ordeal in obtaining the drugs they depend on, and in some cases are being forced to pay more than $2,000 for a prescription that would normally cost them between $10 and $30.
Seattle-area native Olivia Coltrane said her regular prescription of generic Vyvance to treat her ADHD normally costs about $3, but she was charged $92, a markup of nearly 3,000 percent.
Ms Coltrane told DailyMail.com how much effort it took to get her medication, and even when she did, it was only for a two-week supply.
Her doctor sent the prescription to her local Costco pharmacy three to four times, but they did not receive it.
When she finally called to check in for the fourth time, the pharmacist informed her of a system-wide hack and that her doctor’s electronic prescribing platform was down.
She was told she needed a paper prescription, something her doctor usually doesn’t do.
Ms. Coltrane told this website, “So the doctor’s office is trying to find another provider that will require me to drive an hour and a half to get the physical prescription.
‘And they say, “Oh yeah, we have someone, but he’s working from home today.” So I called the insurance company, and they could only make an exception until five o’clock that day.
“I spent two and a half hours on the phone with insurance companies, pharmacies and doctors just to get my medication refilled.”
She was eventually able to fill her script at another hospital pharmacy, but she only has seven days of medication left and isn’t sure how her next search for a refill will go.
She said, “All I can do is hope they have it in stock.”
Meanwhile, in Arizona, Margaret Brown, 50, has struggled for weeks to secure her son’s insulin for his type 1 diabetes.
In late February, she called for a refill and was told by a pharmacist that a recent breach had disrupted their ability to fill scripts and bill insurance.
Normally, Ms. Brown spends zero dollars for a month’s worth of insulin, but this time she would have to pay $400.
She told DailyMail.com that because he still had some insulin left, she waited a while before calling the pharmacy back to see if her claim had been processed.
She said: Yesterday I went to the pharmacy and asked again. And they never called me or anything. I happened to go there and they said it was done and it was going ahead.
“So he didn’t go without, but if he went without, I would have had to pay the $400.”
Ms. Coltrane and Ms. Brown both expressed concern about other Americans who rely on crucial medications and cannot get them.
Mrs Brown said the situation was especially unnerving given her son’s need for insulin, adding: ‘I can’t imagine what other people go through with other types of medicine, like high blood pressure or things like that. Don’t know. Maybe they just pay for it, but insulin is simply too expensive for the average person.’
This was far from the first cyberattack on healthcare systems. 88 percent of healthcare systems surveyed last year said they had experienced at least one attack in the past year.
Sixty-eight percent of respondents who experienced ransomware attacks said the attacks had a negative impact on patient safety and care.
The White House is considering a range of options to respond to this attack and deter more in the future, including retaliatory measures against the cyber gang and longer-term initiatives aimed at strengthening hospital cybersecurity and banning ransom payments in the future. reported.
The recent hack affected UnitedHealth’s Optum mail-order pharmacy service, as well as several other pharmacies such as Walgreens, CVS, Costco, Publix and Kroger.
CVS Health, which serves about 100 million Americans every day at 9,000 pharmacies, said the hack meant it could not process insurance claims “in certain cases.”
“We are committed to ensuring access to care as we navigate this disruption,” the company’s statement said. A spokesperson for the chain did not immediately provide further details.
And Walgreens, which serves nine million customers, said a “small percentage” of its prescriptions “could be affected.” Still, the company had safeguards in place to process and complete these “with minimal delay or disruption.”
The company said it had no additional information about the incident.
The February 21 hack forced Change Healthcare to disconnect all its systems to reduce the risk of an even bigger attack.
But that move led to the suspension of more than 100 services and the risk that hospital systems and other providers would soon become insolvent.
According to First Health Advisory, a private risk management firm, the hack has apparently cost them around $100 million every day.
The impact of the hack has been compared to that of the 2021 Colonial Pipeline ransomware attack, where cybercriminals stole 100 gigabytes of data within a two-hour period.
Like that attack, the latter marks a crisis for the industry and an overall national security concern.
On Sunday evening, someone claiming to be from a BlackCat affiliate posted on the cybercrime forum Ramp that UHG paid a $22 million ransom in the form of Bitcoin, but the claim has not been verified.
However, if true, this would set a dangerous precedent for terrorists to indulge in cyber attacks.