The American Hospital Association penned a letter to the HHS about the Change Healthcare attack stating that the incident may have "an immediate adverse impact on hospitals' finances."
The letter, addressed to HHS Secretary Xavier Becerra, states that AHA members have indicated that a significant portion of their claims remains unprocessed, and that they are unable to conduct eligibility checks to determine if a patient's insurance covers a potential treatment due to the attack.
"Their interrupted technology controls providers' ability to process claims for payment, patient billing and patient cost estimation services," the letter reads. "Any prolonged disruption of Change Healthcare's systems will negatively impact many hospitals' ability to offer the full set of health care services to their communities."
The AHA says if hospitals and health systems are deprived of this source of income, they may face challenges in meeting payroll for clinicians and other care team members, procuring essential medicines and supplies, and compensating for vital contract work in areas like physical security, dietary, and environmental services.
"In addition, replacing previously electronic processes with manual processes will add considerable administrative costs on providers, as well as divert team members from other tasks," the letter continues. "It is particularly concerning that while Change Healthcare's systems remain disconnected, it and its parent entities benefit financially, including by accruing interest on potentially billions of dollars that belong to healthcare providers."
The AHA is asking for continued support from the HHS as Change Healthcare continues to grapple with the cybersecurity incident.
In an update from Optum, the parent company of Change Healthcare, the company says that the outage of Change Healthcare's systems is expected to last at least throughout Feb. 27.
Change Healthcare first became aware of the cybersecurity incident on Feb. 21 and few details have been released about the cybersecurity issue, but it is believed to be the work of a foreign nation-state-associated cybersecurity threat actor.
BlackCat, a ransomware group with ties to Russia, allegedly claimed that it was responsible for the incident, but Change Healthcare has not confirmed this information.
"Many providers can leverage alternative clearing houses to submit claims and as of late last night, claim submissionshave returned to pre-disruption levels. Any delays to claims processing have yet to impact provider cash flows as payers typically pay one to two weeks after processing," a spokesperson for Unitedhealthcare told Becker's. "As we work on brining systems back online, we are also developing solutions to that challenge if needed. Claims volumes is key here and they are moving."