AHA: 94% of hospitals financially impacted by Change Healthcare's cyberattack

Nearly every hospital is feeling the consequences of Change Healthcare’s cyberattack on their finances, patient care delivery, or both, according to reports from almost 1,000 hospitals compiled by the American Hospital Association (AHA).

Per survey data released Friday afternoon, 94% of hospitals reported some financial impact stemming from what the trade group is calling “the most significant and consequential cyberattack” on healthcare in the country’s history. More than half of the responding hospitals characterized the impact as “significant or serious,” according to AHA’s report.

Change Healthcare is a healthcare clearinghouse that processes 15 billion transactions between healthcare entities per year, including those for billing, prescribing and prior authorizations.

Among the 82% of hospitals that said their cash flow was impacted, more than a third reported an impact on over half of their revenue, and nearly 3 in 5 said the affected revenue totaled at least $1 million per day. Also among these hospitals, 44% said they expect the impact would persist for another two to four months, but more than 20% said they were “currently uncertain” of the interruption’s full impact, AHA said.

“These survey findings are another irrefutable reminder that the impact of this cyberattack is far-reaching and far from over,” AHA President and CEO Rick Pollack in a statement accompanying the report. “When nearly every hospital says they are experiencing a financial loss and half of those say it’s ‘significant or serious,’ with no immediate end in sight, then the debate about whether we need to help them should be over.”

AHA collected its responses between March 9 and March 12.

Beyond the financial hit, 74% of hospitals said the incident resulted in “direct patient care impact.” Almost 2 in 5 hospitals said that their patients are “having difficulty accessing care because of delays in processing of health plan utilization requirements (e.g. prior authorization),” according to the report.

Although “most” of the surveyed hospitals turned to workarounds for the impacted Change Healthcare services, 81% said these efforts were “only somewhat successful,” and 11% “have not found them successful,” AHA wrote. Two-thirds told the industry group that it is “difficult or very difficult” for them to switch over to another clearinghouse.

Other sources back up AHA’s characterization of the cyberattack’s wide-reaching impact. Earlier this week, Kodiak Solutions—which provides financial reporting and revenue cycle management software for over 1,850 hospitals and 250,000 physicians—found that the volume of claims submitted to insurers has dipped by a third since the attack began.

The cash value of claims submitted through its database has fallen by 63%, Kodiak said, with cash flow of delayed claims hitting over $2.5 billion within the last full week.

On a smaller scale, the Massachusetts Health & Hospital Association said Monday that 12 of its member organizations were suffering over $24 million in reimbursement losses per day.

Other major payers like Humana and Elevance Health also said during an event earlier this week that they had seen claims data reductions of 15% to 20% from providers (and noted that other clearinghouses like Availity are picking up a lot of the lost business).

Some of the country’s largest health systems seem to be the exception. Though they acknowledged short-term disruptions that are still being ironed out, for-profits HCA Healthcare, Tenet Healthcare and Universal Health Services told investors earlier this week that they were well positioned to weather the “transitory” event and didn’t expect any material impact on their quarterly performance.

Change Healthcare has been working to restore its systems and services. Thursday, UnitedHealth Group announced that Change Healthcare’s pharmacy network was back online and that “99% of pre-incident claim volume is flowing.” It also opened a temporary funding program at the top of the month for impacted providers.

The federal government has worked to limit the damage by authorizing accelerated and advanced Medicare payments for impacted providers, pressuring payers to similarly authorize their own early payments and holding meetings with major stakeholders to hash out next steps.

The Office for Civil Rights opened a probe into Change Healthcare on Wednesday, with Department of Health and Human Services Secretary Xavier Becerra promising Congress the next day that his department would pressure UnitedHealth Group and other payers to commit to further support.

In light of the cyberattack’s full impact on hospitals, AHA’s Pollack said these efforts aren’t enough.

“We continue to call on Congress and the Administration to take additional actions now to support providers as they deal with significant fallout from this historic attack,” he said. “We also need UnitedHealth Group and commercial payers to step up and support patients and providers on the front lines by waiving prior authorization and timely filing requirements, as well as advancing payments that will allow providers to continue providing 24/7 care to communities.”