Massachusetts hospitals are facing severe financial repercussions due to the Change Healthcare cyberattack, losing a staggering $24 million every day as the attack continues. The ALPHV/Blackcat cyberattack on Change Healthcare, a UnitedHealth Group subsidiary, on February 21, severely disrupted key healthcare systems.The aftermath is severe, with a recent survey conducted by the Massachusetts Health & Hospital Association (MHA) revealing the extent of the financial damages. Among the 12 surveyed hospitals and health systems, losses amount to approximately $24,154,000 daily, worsening an already precarious financial situation. With 71% of Massachusetts hospital systems currently grappling with negative operating margins, the limit to cash flow caused by the cyberattack has the potential to be catastrophic, threatening the financial viability of numerous healthcare institutions across the state.
Operational disruptions intensify these challenges, with about 75% of respondents reporting issues in key areas like claims processing, pharmacy operations, and patient data access. These disruptions affect various aspects of business, impacting Medicare, Medicaid, and commercial insurance operations, adding strain to already overstretched resources and administrative capacities. Karen Granoff, Senior Director of Managed Care at MHA, emphasizes the severity of the situation, “We’ve heard from members that it’s truly shocking how quickly this problem cascaded, and that it hits especially hard on top of the ongoing capacity, workforce, and financial challenges hospitals already are facing.”
UnitedHealth Group’s response to the crisis, including the implementation of workarounds and the rollout of a temporary funding assistance program, has been met with mixed reactions from stakeholders. While these measures offer some reassurance, the American Hospital Association (AHA) has raised concerns about the adequacy and terms of the assistance program. The AHA criticizes the program’s limitations, particularly its failure to address providers’ inability to file claims and its imposition of onerous payment terms. Stakeholders doubt UnitedHealth Group’s proposed restoration timeline, raising concerns regarding the lengthy recovery process with implications. Rick Pollack, President, and CEO of AHA, notes the prolonged aftermath, stating that “even after Change Healthcare’s technology is restored, it will be weeks – if not months – before our hospitals and other healthcare providers will be made whole.”
In response to the crisis, local Massachusetts-based health insurers have adopted a more collaborative approach, offering support and alternative methods for providers to manage the challenges. MHA’s proactive engagement with insurers demonstrates a concerted effort to mitigate the cyberattack’s impact, advocating for waivers, streamlined processes, and financial assistance to ease the burden on affected providers. Providers are also urged to explore alternative clearinghouse vendors and to leverage available resources to sustain operations amidst the ongoing disruption. However, challenges persist, and the road to recovery remains fraught with uncertainty. The fallout from the Change Healthcare cyberattack has highlighted the urgent need for immediate and decisive action by Massachusetts hospitals. With financial losses mounting and operational challenges persisting, stakeholders across the healthcare sector must mobilize to effectively manage the crisis and strengthen resilience against future cyber threats. As the recovery effort unfolds, collaboration, innovation, and resourcefulness emerge as key aspects in confronting these unprecedented challenges to the healthcare sector.