A cyberattack targeting one of the largest healthcare payment systems in the country has entered its third week, causing significant disruptions to patient care and financial operations. On February 21, Change Healthcare, a unit of UnitedHealth Group, fell victim to a cyber intrusion, compromising patients’ information and leading to delays in prescriptions and paychecks for medical workers.
According to Michigan State University Criminal Justice Professor Tom Holt, cyberattacks on healthcare facilities, including hospitals in Mid-Michigan, are becoming increasingly common. The incident at Change Healthcare has created a massive financial strain, forcing some clients to pay out of pocket for pharmaceuticals and prescriptions.
Doctors reported being unable to verify patients’ eligibility for treatment or electronically fill prescriptions due to the outage caused by the cyberattack. Sparrow Hospital, impacted by the outage, stated that while clinical operations and patient care remain unaffected, the cybersecurity issue has delayed the submission of reimbursement claims for prescriptions across outpatient and specialty pharmacy locations.
Tom Holt emphasized the financial motivation behind such attacks, citing evidence suggesting that hackers received a payment of $22 million. However, Change Health Care did not respond to inquiries regarding ransom payment or negotiations. Holt warned of potential drastic measures healthcare providers may have to take if the issue remains unresolved, including paying staff out of pocket to sustain business operations.
The U.S. Department of Health and Human Services expressed concern over the cyberattack, pledging to closely monitor UnitedHealth Group’s response and collaborate with the industry to address any remaining vulnerabilities. Change Health Care, which processes 14 billion transactions annually, confirmed that the ransomware group ALPHV, also known as Blackcat, was responsible for the breach.
