The recent cyber outage at Change Healthcare is one of “unprecedented magnitude,” as described by the HHS Office for Civil Rights, impacting thousands of healthcare providers in the United States. While recovery efforts are ongoing, it is a unifying moment for the industry as we work together to overcome the challenges and double-down on security efforts to keep our businesses and our patients safe from cyber threats.
If you use Prompt, our team has created an FAQ resource and we’ll continue updating it as we learn more. In this article, we’ll walk through the event and provide some helpful info and resources for your team to effectively navigate this complex situation and secure your business against future incidents
Note: This story is evolving by the day, and while our Support team is following the developments closely we are cautious to report on details that are changing so quickly in the best interest of our readers and customers. We understand the frustrations this situation is causing for all of our peers in the PT industry and healthcare as a whole, and are doing everything in our power to offer support and provide helpful, accurate advice.
What happened in the CHC cyber attack?
On February 21, UnitedHealth Group’s ChangeHealthcare (CHC) – one of the largest clearinghouses for insurance billing and payments in the U.S. – experienced a major ransomware attack. To begin their incident response, CHC took the affected systems offline, which disrupted electronic healthcare reimbursements and payments for thousands of businesses.
It’s important to note that not all payers and transactions were affected. Other clearinghouses are currently working directly with payers to create alternate connections for those that are disrupted. Investigations are underway into the cause, the extent of data that was compromised, and any potential security issues at CHC.
How did it impact PT businesses?
Physical therapy clinics that bill through CHC-associated payers were not able to process claims for a brief period of time, but other clearinghouses were soon able to route the majority of outbound claims around CHC. As of this publish date, there are a few outstanding payers with no outbound connectivity, and most ERA connections are not yet re-established, so teams are having to go out to payer sites to locate their remits, close AR, and balance to the bank.
The crisis unfortunately created a tough financial situation for some clinics. A number of healthcare businesses outside of PT have had to close either temporarily or permanently due to missing a payroll cycle.
How did insurance companies respond?
Healthcare insurance providers have taken a number of positive steps toward restoring full service and ensuring businesses have the resources they need. Some payers that saw their service impacted have taken steps to ease the burden on practices, such as allowing for alternate claim submissions and creating support resources and FAQs.
Prompt’s clearinghouse partners are doing a lot to reroute the impacted transactions to new trading partners for continuity. If you’re a Prompt customer, read our Support FAQ for an up-to-date list of payer statuses and ERA connections that are available.
What should your team be doing now?
On March 25, HHS put out a collection of resources to help providers respond, you can find that here. If your team has concerns or are experiencing issues with certain payers, you should reach out to their customer service team directly. Additionally, it’s important to understand the situation and be able to answer any patient questions confidently to help ease their concerns. You may consider reviewing the event details with your team and coming up with your own clinic’s FAQ to help guide any conversations with patients as they come up.
Finally, if your reimbursements have been impacted, you should check your eligibility for temporary funding assistance, and then submit an inquiry for assistance. (Note: Forms must be submitted every 7 days to be considered for additional funding.)
How to stay up to date, and protect your practice and patients
Explore the resources on the UnitedHealth Group Cyber Response website and check back as they update their list of payers, uptime, and support availability. You can also submit a general inquiry at any time regarding restoration, funding, or billing.
Very importantly, this crisis is an important reminder about protecting your clinic with security-minded technology and processes, and training your team on cybersecurity. Cyber attacks can not only impact your business and its finances, but also the privacy and safety of your patients. As cyber threats grow more advanced, and healthcare becomes an increasing target for potential attacks, it’s vital to remember how sensitive your data is and that you need to put security first across your entire organization.
If you’re a Prompt customer, we’d be happy to offer any guidance we can. Stay posted with our Support FAQ as we continue to update it, and reach out directly to support@promptemr.com with any additional questions or concerns.
Additional resources
Incident Report for Optum Solutions
Optum Temporary Funding Assistance Program
Impacted Applications Status Dashboard
OCR HIPAA Security Rule Guidance Material
HHS Security Risk Assessment Tool
Fact Sheet: Ransomware and HIPAA
Healthcare and Public Health (HPH) Cybersecurity Performance Goals
Bulk Billing Actions and Tools (Prompt customers)
Utilizing the ERA Uploader Tool (Prompt customers)
Legal disclaimer: These resources and suggestions do not reflect the personal opinions of Prompt or our affiliations, and your business assumes full responsibility for your response to this incident.