Small medical practices will close due to Change cyberattack, AMA says

The ongoing impact of the February 21 Change Healthcare cyberattack and subsequent system outage threatens the sustainability of physician practices across the country, potentially resulting in closures, which could destabilize patient care in some areas, according to the findings of an informal survey by the American Medical Association.

Practices of 10 physicians or fewer — the largest share of the survey’s 1,400 respondents, or 78% — appear to have been particularly hard hit, AMA said in an announcement last week, noting that despite the challenges, practices are showing resilience, with only 15% reporting that their practices reduced the number of hours since the disruption began.

However, AMA is concerned that many will not be able to continue for much longer and highlighted the serious impact on patient care that survey respondents reported.


The suspected ALPHV ransomware attack on Change Healthcare first affected pharmacies and access to drug treatments across the country, but it didn’t take long for healthcare organizations to feel financial pressure.

With the revenue cycle disrupted by the Change outage, most practices contacted by medical associations and national medical specialty associations on behalf of AMA between March 26 and April 3 experienced service disruptions: 77% of them.

More respondents, 80%, lost revenue from unpaid claims, and even more, 85%, spent additional time and resources on what they perceived as substantial use of workarounds.

The survey was conducted after UnitedHealth Group said claims processes would resume the weekend of March 23, AMA said. Although some claims processing systems have been restored, many services are only partially operational, while many others are still in use UHG’s online Change Healthcare cyber response update page.

The high level of disruption has led to serious consequences for medical practices, according to the AMA findings.

“The research is also a reminder of the vulnerability of physician practices,” the organization said. It noted that claims payments and other financial impacts will continue despite new arrangements with alternative clearinghouses because the event has been costly for small practices.

“We couldn’t afford the costs for this,” one respondent told AMA. “Other clearinghouses are taking advantage and small practices like mine, already suffering without any money coming in, can’t afford to pay three times as much to take the time to switch clearinghouses.”

Another respondent broke down the numbers for a solution:

“About $10,000 just to set up a ‘back-up’ clearinghouse,” they said. “In addition, one of our payers has changed clearinghouses, and they have told us that we will be adding an additional 2% surcharge on all claims, which will cost the organization approximately $1,000,000.”

Physician practices reported receiving advance payments, temporary financial assistance, and loans, including from the Centers for Medicare & Medicaid Services (12%), UnitedHealth Group/Optum (25%), and other health plans and state Medicaid programs (4.5% and 0.7%, respectively).

Of serious concern is that patient care has also suffered, respondents reported, with AMA highlighting the risks to patient access.

“Many respondents are concerned about the negative impact this attack has had on patient care,” the association said.

In addition to procedural delays, canceled appointments due to lost access to insurance verification and the inability to obtain medications that caused at least one patient’s illness to flare up “significantly,” one respondent said the disruption “has seriously affected our ability to manage pain care with our cancer patients.”


While more efforts are needed to prevent the chain reactions of cyberattacks that occurred following the Change Healthcare cyberattack, the American Hospital Association recently shared concerns with the House Committee on Energy and Commerce’s Subcommittee on Health about imposing fines or reducing Medicare payments that “would unfairly penalize hospitals and not improve the cybersecurity of the entire healthcare industry.”

AHA told lawmakers Wednesday during the Department of Health and Human Services Budget hearing for Fiscal Year 2025 that imposing potential fines on hospitals and other health care organizations could reduce an organization’s resources needed for cyber defense.

“The cybersecurity proposal put forward in the President’s FY 2025 budget that would penalize hospitals is misleading and will not improve the overall healthcare cybersecurity posture,” AHA said in its testimony.


“This survey data shows in stark terms that practices will close because of this incident and patients will lose access to their doctors,” AMA President Dr. Jesse M. Ehrenfeld said in a statement. “The one-two punch of mounting Medicare cuts and the inability to process claims resulting from this attack is devastating to physician practices already struggling to keep their doors open.”

Andrea Fox is editor-in-chief of Healthcare IT News.

Healthcare IT News is a HIMSS Media publication.