Topics
Reimbursement
Elevance, UnitedHealth among insurers accused of alleged price fixing
Elevance, UnitedHealth among insurers accused of alleged price fixing
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
Two CFOs see promise of AI, but have yet to build a dedicated budget
Two CFOs see promise of AI, but have yet to build a dedicated budget
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Labor expenses continue to challenge hospitals
Labor expenses continue to challenge hospitals
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
UAB, Press Ganey launch certificate program for healthcare leaders
UAB, Press Ganey launch certificate program for healthcare leaders
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
University Hospitals expanding with $3.2 million donation
University Hospitals expanding with $3.2M donation
Compliance & Legal
Johnson and Johnson sues HRSA for blocking 340B plan
J&J sues HRSA for blocking 340B plan
Policy and Legislation
Planned Parenthood, other groups decry executive power in House bill
Planned Parenthood, other groups decry House bill
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
Insurance markets are still highly concentrated, AMA says
AMA: Insurance markets still highly concentrated
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Trump picks Dr. Mehmet Oz to head CMS
Trump picks Dr. Mehmet Oz to head CMS
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
CerpassRx, Waltz team on AI platform to manage specialty drug spend
CerpassRx, Waltz team on AI to manage specialty drug spend
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Telehealth prescribing of controlled drugs extended through 2025
Telehealth prescribing of controlled drugs extended
Mergers & Acquisitions
Cardinal Health set to acquire two companies for combined $3.9B
Cardinal Health set to acquire two companies for combined $3.9B
View more
Feb 24 More on Privacy & Security

Change cybersecurity attack is a 'threat-to-life' crime, says AHA

UnitedHealth Group says it identified a suspected nation-state associated cybersecurity threat.

Susan Morse, Executive Editor

Photo: HIMSSMedia

Fallout from Wednesday's cybersecurity attack on Change Healthcare continued into the weekend, with no reported end to the disruption to its own and other healthcare systems.

On Friday, AHA President and CEO Rick Pollack called such cyberattacks, "threat-to-life crimes." 

Pollack held a call with hospital leaders on Friday, he said.

UnitedHealth Group said it had identified a suspected nation-state associated cybersecurity threat actor that had gained access to some of the Change Healthcare information technology systems, according to a regulatory filing Thursday with the Securities and Exchange Commission. "The company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time.

"At this time, the company believes the network interruption is specific to Change Healthcare systems, and all other systems across the company are operational. During the disruption, certain networks and transactional services may not be accessible."

UnitedHealth Group is the parent company of Optum, which acquired Change in 2022.

On Saturday, the Optum status report posted information that was relatively unchanged since Wednesday.

"Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter. Once we became aware of the outside threat, and in the interest of protecting our partners and patients, we took immediate action to disconnect Change Healthcare's systems to prevent further impact. This action was taken so our customers and partners do not need to. We have a high-level of confidence that Optum, UnitedHealthcare and UnitedHealth Group systems have not been affected by this issue," the status report said.

"We are working on multiple approaches to restore the impacted environment and will not take any shortcuts or take any additional risk as we bring our systems back online. We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect. The disruption is expected to last at least through the day. We will provide updates as more information becomes available."

WHY THIS MATTERS

The disconnection of Change Healthcare's systems could affect hospitals, according to the AHA.

Pollack said Friday, "The cyberattack may carry serious repercussions across the wider healthcare field."

Numerous hospitals, insurers and pharmacies use the healthcare technology services provided by Optum and Change. Optum is a major provider of services in technology, data, pharmacy care and direct healthcare.

Change Healthcare provides prescription processing services through Optum, which supplies technology services for more than 67,000 pharmacies and care to 129 million individual customers.

The Wall Street Journal reported on Friday that healthcare organizations were being forced to revert to manual procedures after Change disconnected services.

Pharmacy services have reportedly been disrupted. CVS told Forbes the attack was impacting certain business operations but said there was no indication that its systems had been compromised.

"Due to the sector wide presence and the concentration of mission critical services provided by Optum, the reported interruption could have significant cascading and disruptive effects on revenue cycle, certain healthcare technologies and clinical authorizations provided by Optum across the healthcare sector," the American Hospital Association said on Thursday in a cybersecurity advisory.

The AHA advised all healthcare organizations that were disrupted or potentially exposed to Change Healthcare's cybersecurity incident to disconnect from Optum. 

THE LARGER TREND

UnitedHealth said in the SEC filing Thursday, "Immediately upon detection of this outside threat, the company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident."

It also said that as of the date of this report, UnitedHealth has not determined the incident is reasonably likely to materially impact the company's financial condition or results of operations.

ON THE RECORD

AHA President and CEO Rick Pollack said Friday, "This week's cyberattack on Change Healthcare, one of the nation's largest healthcare technology companies, is yet another unwelcome reminder of the ability of cybercriminals to take advantage of our mission of caring by disrupting daily operations.

"These are threat-to-life crimes, and the AHA has been at the forefront of the effort to fight back, working closely with federal agencies and the hospital field to build trusted relationships and channels for the mutual exchange of cyber threat information, risk mitigation practices and resources to implement these practices."

Email the writer: SMorse@himss.org

"Digital Twins in Healthcare: The Next Level in Medical Simulation" is scheduled for Tuesday, March 12, 4:15-5:15 p.m. ET, in W304A at HIMSS24 in Orlando. Learn more and register.

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.