A cyberattack on a company that provides back-end services for hospitals and other health-care providers, including approving types of care and processing payments, is still affecting patients and providers throughout New Hampshire and the rest of the country, according to the state Insurance Department.
The cyberattack, overseen by hacking groups known as ALPHV/BlackCat, hit Change Healthcare, a subsidiary of United Healthcare Services, on Feb. 21. While the widest effect has been on United Healthcare, a major health insurance provider in New Hampshire, other providers including Cigna, Harvard Pilgrim and Ambetter have also been affected because of the interwoven nature of online services.
National reports indicate that the disruption has cost hospitals and other providers around the country hundreds of millions of dollars.
The hacking group apparently infiltrated Change Healthcare’s systems and stole or locked the company out of many files, shutting down many of its operations. In a Tuesday press conference, New Hampshire Department of Insurance Commissioner D.J. Bettencourt said that a number of concerns remain even as systems struggle to get back to normal, including whether any medical information about individual patients was taken.
Among major patient concerns, he said, are delays in “prior authorizations,” in which physicians and other health care providers must obtain advance approval from a health plan before they can perform a specific service. Those authorizations often went through Change Healthcare’s systems and some are not going through. “That can affect the patient’s ability to get critical services they need – literally a life-and-death proposition.”
The attack also impacted the system of processing payments to medical providers. Bettencourt said that five hospitals in New Hampshire have seen “half their income stream disrupted.”
He said the department was particularly concerned with smaller providers, such as one-person practices in rural areas, that “do not have the cash reserve to float while these issues are being worked out … and who are really assessing their options whether they can afford to stay open.”
Adding to the trouble, he said, is that the loss of digital services has forced providers to fall back on paper forms, which slows them down. “Some of the workers have never used the paper process … so they’re having to use an entirely new system,” he said.
“If you are a provider in NH that is significantly struggling financially or unable to provide care to patients in a timely manner, do not wait or hesitate to reach out to the department,” he said.
As for the future, Bettencourt said the national disaster was a wake-up call for all types of businesses targeted by digital criminals.
“These cyber crimes are becoming more and more common,” Bettencourt. “I don’t blame Change or UHC for the fact that they were the victims of a cyber attack. … These things are just getting so complex, so innovative, that they will find their way around whatever system you have in place. That’s just going to be a way of life for businesses of all kind, going forward.
“The biggest issue is what is the game plan in place when this happens, what is the response? … How are you ensuring that patient care is not disrupted?”