While the financial impacts of the Change Healthcare hack have gotten a lot of attention, the cyberattack has also harmed patients, health system leaders say.
"It has and continues to interrupt patient care," said Scott MacLean, board chair for the College of Healthcare Information Management Executives and CIO of Columbia, Md.-based MedStar Health, at an April 16 congressional hearing on the ransomware attack.
He gave some examples: "patients being unable to get their prescriptions filled, being forced to pay out-of-pocket prices; patients with complex conditions and costly medications like chemotherapy therapy treatments searching for a way to pay for their medications; and the inability of patients to use medication coupons."
CHIME surveyed its membership, which includes health system CIOs and other senior IT leaders: "On a scale of 1-5, how much of an impact did the Change cyber incident have on any patient care?" Mr. MacLean testified. The results:
— Somewhat impacted: 40%
— Moderately impacted: 25%
— Very significantly impacted: 15%
— No impact: 13%
— Extremely impacted: 5%
"These responses underscore the complex consequences of the incident, ranging from minor disruptions to critical delays and impact on patient care," Mr. MacLean said at the hearing. "Because patient care is at the heart of each of our members' core mission, even one member reporting that this incident impacted patient care is unacceptable."
To protect patients from cyberattacks in the future, he suggested Congress increase cybersecurity funding for small and underresourced health systems, provide financial support to implement HHS' cyber performance goals, and ensure payers and third-party vendors share liability with healthcare providers after breaches.