WA hospitals dread worse financial losses after Change Healthcare hack


Ongoing effects of Change Healthcare’s recent nationwide cyberattack have put many Washington hospitals in a tough financial spot — news that concerns industry leaders who have watched the state’s health care systems already lose billions in the past few years.

The breach hit the United Healthcare subsidiary in February, initially appearing to primarily affect pharmacies that use the system to verify patients’ insurance coverage for their prescriptions and send electronic prescriptions and claims information. But in the past two months, the effects of the attack have proved to pose a “much more complicated and widespread issue” among other health care organizations, including hospitals and provider groups, said Caitlin Safford, senior director of government affairs at the Washington State Hospital Association.

“We now know the effects are far-reaching and long term,” Safford said at a Tuesday news conference.

Several hospitals in Washington were using Change Healthcare as a primary clearinghouse, or a third-party intermediary that enables electronic transmissions between health care organizations and insurance companies, she said. Hospitals and provider groups also rely on the system to check patient eligibility for insurance, as well as to submit claims, obtain prior authorization for services and receive notices when claims have been processed.

Change Healthcare handles about 14 billion transactions a year.

After the hack, many hospitals and health care organizations were forced to switch systems, causing some significant delays in providing care and collecting payment for services, Safford said. In some cases, she added, 75% to 100% of a hospital’s back-end operations were affected, amounting to millions of dollars in delayed payment, she added. 

Many hospitals continued to provide care anyway, even if they were unable to verify insurance eligibility, putting them in a difficult spot of not knowing if they’ll be reimbursed by payers for their services.

“That is very, very nerve-wracking to provide care to someone who you know needs the care, insurance requires you to get it authorized, but the system is not working,” WSHA CEO Cassie Sauer said. “You could not get a prior authorization. But the services had to be given, so now we’re really worried they are not going to get paid. And that is going to be a disaster.”

Meanwhile, many patients had trouble picking up prescriptions in the weeks after the attack, as they were either unable to get them filled or unable to pay cash for their medication, Sauer added.

Some historical imaging devices were also taken offline, so, for example, follow-up mammograms or other scans were difficult to analyze without the ability to compare them with initial scans, she said.

WSHA has spent time sorting through the process with the state Office of the Insurance Commissioner, Health Care Authority and Department of Health, but Safford said it could be months before the full impact on hospitals is clear.

At Astria Toppenish Hospital in the Yakima Valley, which used Change as its primary clearinghouse, the breach was “potentially catastrophic,” said hospital administrator Cathy Bambrick.

At its worst, Astria Health was about $4 million to $4.5 million behind on cash collections, Bambrick said. The health care system is still short about $3.5 million from cash collections from the same time period.

“We’re holding our own on cash flows now, but we haven’t recovered,” Bambrick said.

Patient info posted to dark web

Earlier Tuesday, UnitedHealth confirmed “substantial” patient files might have been taken in the breach, according to The Associated Press. While the company said it has yet to see signs that doctor charts or full medical histories were released after the attack, some screenshots containing protected health information or personally identifiable information were posted for about a week on the dark web.

UnitedHealth is still monitoring the internet for additional file publication, and has started a website and call center to answer questions. Meanwhile, the U.S. Office for Civil Rights has launched an investigation into the breach to try to determine how much protected information might have been exposed.

“Meanwhile, each hospital is pushing every day to ensure that they make payroll,” Safford said. “This is one more crisis contributing to the fragility of the health care system in Washington.”

Ongoing financial losses

Financial effects of the breach are particularly distressing to state health care leaders, who on Tuesday announced Washington hospitals lost about $1.7 billion in 2023.

The losses have slowed since 2022, when they recorded a $2.1 billion hole, but the recent data confirmed many hospitals are still struggling, Sauer said during the news conference.

“The state of Washington’s hospital system remains very fragile after experiencing more than two years of significant losses,” Sauer said. In 2021, hospitals lost about $742 million.

Hospital officials have been calling attention to the industry’s long-term financial bleeds for years now, as federal COVID pandemic relief dried up and the cost of supplies, workforce and drugs rise.

Other factors have included low Medicaid and Medicare reimbursements and the cost of patients who no longer need hospital care but are unable to be discharged to a nursing home or another long-term care facility due to a shortage of staff or open beds. Those problems persist, hospital leaders said.

While last year’s hospital losses were smaller than the year prior, about 85% of those that participated in the WSHA survey — representing about 96% of the state’s acute care beds — continue to lose money, said Eric Lewis, the association’s chief financial officer. The newest data reflects the eighth straight quarter of significant operating losses, Lewis added. 

Total operating revenue increased by about 11% last year, but expenses also rose about 9%, mostly driven by greater employee wages and benefits, utilities, contract services, supplies, and pharmaceuticals, he said. 

During the 2023 legislative session, lawmakers approved a repayment plan that would assess, or tax, hospitals, which would then trigger payments from the federal government. The state estimates receiving about $1 billion annually from the program. But hospitals have yet to see any of those funds, pending program approval from the Centers for Medicare & Medicaid Services, Sauer said.

Hospital leaders hope payments will arrive by July or August, Lewis said.

“It’s challenging to wait when there’s so much financial distress happening with the added Change Healthcare [cyberattack], but we are working on it on a daily basis,” Lewis said.

Information from The Associated Press was used in this story.

Share post:


More like this