What is the main concern for hospitals and health systems when it comes to the Change Healthcare attack? The potential impact to patient care and safety, John Riggi, the American Hospital Association's national adviser for cybersecurity and risk, told Becker's.
"We are still gathering data of the impact of the attack, but it appears to be wide ranging but in varying degrees," he said. "At this time, the disruptions in service seem to be related to pharmacy, revenue cycle and related technology disruptions — all across the country."
Mr. Riggi stated that Change Healthcare touches almost every hospital in the country, directly or indirectly, but the main concern of this incident is the potential disruption or delay of healthcare delivery that may create a risk to patient safety.
The Post Bulletin reported Feb. 28 that several pharmacies have reported disruptions.
"Mayo Clinic Pharmacy is among pharmacy providers nationwide affected by Change Healthcare's network interruption," Mayo Clinic said in a statement to the Post Bulletin. "For patients with serious health issues, our teams are prioritizing prescriptions that are due in the near future. For patients needing to fill or refill nonurgent prescriptions, there may be delays. Our commitment to patient care remains unwavering, and we are actively responding to the situation to minimize disruptions."
Rochester, Minn.-based Mayo Clinic Pharmacy, CVS, Walgreens, OMC Pharmacy and Costco Pharmacy were among those named in the news outlet as those affected by the Change Healthcare network outage that started Feb. 21.
OMC Pharmacy told the publication that "most pharmacies will be able to give patients up to five days of medication to help them until the systems are working again."
The attack on Change Healthcare is being attributed to a Russian-based ransomware group known as ALPHV or BlackCat, according to Mr. Riggi.
"This group in particular has been very aggressive targeting healthcare and has been responsible for numerous high-impact attacks," he said.
In 2023, health systems experienced 46 ransomware attacks, up from 25 in 2022 and 27 in 2021, according to a report from cybersecurity firm Emsisoft. Ransomware was even listed as one of the biggest safety concerns in health technology for 2024 by nonprofit patient safety organization ECRI.
"Ransomware attacks against healthcare in general should be prioritized as threat-to-life crimes and treated as acts of cyber terrorism," Mr. Riggi said.
In its latest update, Change Healthcare said the disruptions to its systems may last throughout Feb. 28.
A spokesperson for UnitedHealthcare, the parent company of Change Healthcare told Becker's "we estimate more than 90% of the nation's 70,000+ pharmacies have modified electronic claim processing to mitigate impacts from the Change Healthcare cyber security issue; the remainder have offline processing workarounds."
Additionally, the spokesperson said both Optum Rx and UnitedHealthcare are seeing minimal reports, including less than 100 out of more than 65 million PBM members not being able to get their prescriptions.