Lessons Learned From the Change Healthcare Cyberattack

What would you do if insurance claims disappeared? Not just for days, but for weeks?

More than 25% of American physicians are asking this question after the cyberattack on Change Healthcare.

Change Healthcare is America’s largest healthcare payer system, handling more than 15 billion healthcare transactions per year. After the ransomware attack on February 21, 2024, thousands of providers woke up to failing systems — including the inability to submit insurance claims.

As more and more systems become operational, thousands of healthcare organizations are finding their footing.

And yet, the ramifications of an attack this size may impact the industry for years on end.

The Real Impact of the Change Healthcare Attack

The Change Healthcare cyberattack has continued to make waves for physicians and patients.

Estimates calculate a loss of $100 million per day for America’s affected healthcare providers. Thousands of patients have also been caught in the crossfire, with many unable to purchase much-needed medication.

Physicians have accumulated a backlog of claims worth millions of dollars overall. Even nonprofit health plans have been asked to front advance payments on the long road to recovery.

Fortunately, there is a tentative end in sight: Change Healthcare has announced electronic payment functionality as soon as mid-March. Connectivity testing with its claims network software should come a few days later on March 18.

It’s clear the healthcare industry has been flipped upside down, and the unfortunate reality is, it’s likely to happen again.

This isn’t just a one-off incident — it may be our new normal in the age of cyberattacks.

Where We Go From Here

The Change Healthcare cyberattack highlights an important reality for the healthcare industry. No payouts provider is immune from ransomware, and with a growing number of cyberattacks, avoiding risk is all-but impossible.

But the silver lining to this situation is that we can learn from the past to inform the future.

What do healthcare providers need to consider in the new age of cyberattacks?

This is a Systemic Problem

There is no single solution to outages and downtime. Everyone is at risk for cyberattacks, especially sensitive industries such as healthcare.

The smartest way to avoid the heaviest hits is to decentralize risk as much as possible.

Traditional healthcare systems rely on consolidated clearinghouses, which in the case of Change Healthcare, could expose businesses to huge financial risks.

The best course of action is decentralization, which de-risks your business by a greater degree.

Decentralization = De-Risking

Variety is an essential consideration for insurance clearing houses.

This is especially true of healthcare organizations relying on a single payer.

Payer Gateway connection redundancy is an efficient solution to traditional methods of claims submission.

Implementing this now could save many headaches in the future, especially when pitted against situations similar to this.

Redundancy Matters More Than Ever

In the new era of cyberattacks and ransomware, redundancy is key for long-lasting protection.

Flexible systems and adaptable software ensure a seamless transition between payers and organizations. Working with newer, more modernized systems may hold the key for navigating future threats.

For now, decentralization will be key for de-risking, both for healthcare businesses and the patients they serve.