Cyberattack on US Pharmacies Disrupts Health Care Businesses, Threatening Revenue
In a devastating blow to the US health care sector, a cyberattack targeting pharmacies across the country continues to wreak havoc, causing significant disruptions and potential financial losses. Health care professionals from Maryland to New York have expressed their concerns about the ongoing hack, which has severely impacted their businesses and jeopardized their revenue.
Raeya Disney, a psychotherapist in Maryland who specializes in trauma victims, fears that she may have to give up her office space if the billing outage persists. She has resorted to manual billing and is anxiously hoping to receive payment for her services. Similarly, Purvi Parikh, an allergist in New York, is struggling to submit claims to insurance carriers due to the hacking incident. The situation has placed an additional burden on physician practices, hospitals, and pharmacies as they scramble to find alternative ways to process claims and fill prescriptions.
The cyberattack originated from Change Healthcare, a subsidiary of UnitedHealth, which handles prescription processing for tens of thousands of pharmacies nationwide. The fallout from this attack has been catastrophic, with some health care providers estimated to be losing over $100 million per day. Carter Groome, CEO of Health First Advisory, a cybersecurity firm, emphasizes that such financial losses are unsustainable in an industry that typically operates with limited cash reserves. He draws a parallel between this cyberattack and the 2021 ransomware attack on the Colonial Pipeline, which disrupted fuel shipments for days and highlighted the national security concerns associated with ransomware attacks.
In response to the hack, Elevance Health, the owner of Anthem Blue Cross and Blue Shield, has severed network connections with Change Healthcare as a precautionary measure. However, Leslie Porras, a spokesperson for Elevance Health, assures that their members’ access to medical care and prescriptions remains unaffected.
As of now, Change Healthcare’s affected network is still offline. Tyler Mason, a company spokesperson, reports that insurance claims submissions have returned to pre-disruption levels due to health care providers utilizing alternative clearing houses. Mason assures doctors and patients that workarounds are available to address the issues faced by professionals like Parikh and Disney. However, some health care professionals remain confused about how to adapt to the situation.
Amy Cizik, a health care researcher in Utah, shares her distressing experience of trying to get her pharmacy to process her insurance for her daughter’s multiple medications. With her daughter’s medication running out, Cizik spent hours on the phone attempting to resolve the issue but was met with no resolution. She emphasizes the added burden this places on caregivers of individuals with chronic illnesses, stating that caring for her daughter is already a full-time job.
The severity of this cyberattack has raised concerns among senior US cyber officials. The FBI, along with the Departments of Health and Human Services (HHS) and Homeland Security, has been actively involved in addressing the issue. Andrea Palm, the deputy HHS secretary, confirms that the department is closely monitoring Change Healthcare’s efforts to restore its network. Forensic evidence recovered from the investigation suggests that a prolific ransomware gang, including Russian-speaking cybercriminals, was responsible for the hack. The gang rents out their malicious software, known as ALPHV or BlackCat, and has previously targeted US universities, health care providers, and hotels. The ransomware gang has claimed responsibility for hacking Change Healthcare on their dark-web site.
Despite a previous operation by the Justice Department targeting the ALPHV gang, these cybercriminal groups often bounce back from law enforcement crackdowns. As of Tuesday afternoon, the American Hospital Association (AHA) continues to receive reports from members about the cyberattack interfering with insurance claim processing. John Riggi, AHA’s national advisor for cybersecurity and risk, emphasizes that this was not just an attack on Change Healthcare but an attack on the entire health care sector.
The ongoing cyberattack on US pharmacies has created a significant disruption in the health care industry, threatening the financial stability of health care providers and potentially compromising patient care. As professionals and authorities work tirelessly to address the situation, the need for robust cybersecurity measures and proactive defense against such attacks becomes increasingly evident. The consequences of these cyberattacks extend far beyond financial losses, highlighting the vulnerability of critical sectors and the urgent need for comprehensive cybersecurity strategies.