The hackers who broke into Change Healthcare’s system and unleashed long-lasting chaos for senior care providers and others may not have realized what they were stumbling upon.
But whether or not the group behind the CHC cyberattack strikes again, bad-faith actors have surely taken notice of the vulnerability of systems and the value in accessing their data, tech experts warn.
While the immediate concern remains how to address claims backlogs and get money to providers before businesses are forced to fold, healthcare organizations large and small are going to need to ensure they are better protected, said Tarpon Health CEO Ben Reigle during a roundtable discussion for Redox.
The recent conversation, which included Healthcare Strategy Bullpen podcast host Jeff Englander and Redox Senior Product Marketing Manager Elizabeth Ojo, was about the systemic impact on the healthcare revenue cycles, but also how to move forward and ensure it doesn’t happen again.
“My guess is the hackers had no idea what they stumbled on,” Reigle said. “They [probably] didn’t know what a clearinghouse is, but then they found all this data behind this application, and they probably were like, ‘Let’s go and take info but let’s damage stuff as we go.’ If I were another clearinghouse, I’d be scared to death.”
Reigle noted that bigger software systems like Epic represent a “shiny, shiny target,” until it’s proven they’re impenetrable.
Despite Change Healthcare beginning the process of addressing the astounding $14 billion in claims the process could still take months.
Providers should have a backup system in place, to prevent the current situation, Reigle said, adding that he believed it might take a federal bailout, a la COVID, to sufficiently address the damage done from delayed claims.
The magnitude of the crisis is such that recovering stolen patient data, such as Social Security numbers and health prescriptions, may be secondary to saving businesses, Reigle noted.
The latter will only further erode patients’ trust in healthcare systems, unless there is demonstrable effort to improve security systems, Ojo said.
At least two senior living companies have filed for bankruptcy due to the CHC payments backlog, McKnight’s reported Monday.
While the federal government, including the Department of Health and Human Services, has taken steps this month to address the problem, a new bill in Congress aims to promote financial incentives — and penalties — to enforce best cybersecurity practices among healthcare providers.
