Select Page

Industry Insights

How Labs Should Respond to the Change Healthcare Cyberattack

In the wake of the recent Change Healthcare cyberattack, independent lab owners and pathology groups are facing critical challenges. This overview aims to address common questions and concerns related to the attack’s impact on revenue cycles, compliance, and patient care. Whether you’re navigating billing vendor changes or assessing the aftermath, we’ve compiled essential information to guide you through this unprecedented situation. Let’s delve into the details.



Q:  What Happened in the Change Healthcare Cyber Attack?

A: Change Healthcare fell victim to a ransomware attack. Cybercriminals demanded a ransom, and the company reportedly paid $22 million in cryptocurrency to regain access to its systems.


Q: How Does This Affect Independent Labs and Pathology Groups?

A: The attack has had broad impact on the health care sector, affecting hospitals, children’s health providers, physicians, infusion centers, pharmacies, community health centers, and long-term care facilities across the country. In some cases, claims cannot be submitted electronically, health plans are unable to verify member eligibility, and Electronic Remittance Advice (ERA) notifications are unable to be transmitted.  All of which is leading to delayed cashflow and reimbursement to providers.


Q: What are the Potential Financial Implications to Our Laboratory or Pathology Group?

A: The financial implications can be substantial:

  • Lost Revenue: Delayed claims processing may lead to revenue leakage.
  • Increased Costs: Remediation efforts, cybersecurity enhancements, and legal fees can strain budgets.
  • Reputational Damage: Patient confidence and referrals may decline due to data exposure.
  • Penalties: Non-compliance with breach notification rules (if applicable) may result in fines.


Q: How Long are Revenue Cycle Issues Expected to Persist?

A: The duration of revenue cycle disruptions will depend on several factors, including the extent of damage, the speed of recovery efforts, and the effectiveness of contingency plans. Providers should anticipate ongoing challenges for at least several weeks, possibly extending into several months.  The exact timeline for providers remains uncertain, and will likely differ from one provider organization to the next – especially if it is discovered that there has been inappropriate access/exposure of patient Protected Health Information (PHI).


Q: How might the exposure of PHI impact healthcare providers in the aftermath of the cyber-attack?

A: The exposure of (PHI) poses significant risks. Providers may face legal and financial consequences if patient data is compromised. Regulatory bodies, such as the HHS, require timely breach notifications to affected individuals. Ensuring compliance and safeguarding patient trust are critical.


Q: We Use Optum’s (Change Healthcare’s) Billing Services. Do We Need to Change Billing Vendors?

A: As this situation extends into its fourth week, we have begun to see an increase in the number of providers considering an immediate move to a new billing vendor.  As a result, we’ve also begun to see billing vendors beginning to turn away new business. In the normal course of business, moving to a new billing vendor often results in routine delays and disruptions to a provider’s revenue cycle.  If a provider makes the decision to move to a new biller in the current environment, we can anticipate those delays and disruptions to be multiplied. Transitioning to a new billing vendor may take additional time right now due to existing contract terms, system setup, data migration, and training. We are helping our clients navigate these situations by maintaining clear communication with the new vendor regarding timelines, data transfer, and implementation steps.


Q: What Should Providers Watch for When Optum’s (Change Healthcare’s) Services Come Back Online?

A: After the dust settles, the RCM Solutions team at Lighthouse Lab Services will be conducting targeted audits for our clients with a focus on two main areas of the revenue cycle:

  • Billing and Claims Processing: Review billing records, claims submissions, and payment processing. Identify any discrepancies or delays caused by the cyber-attack.
  • Revenue Leakage: Investigate any revenue losses due to disrupted systems or delayed billing.


Q: How Can Independent Labs and Pathology Groups Protect Themselves?

A:  There are several best practices that providers should follow to protect themselves from similar situations:

  • Cybersecurity Measures: Strengthen security protocols, update software, and conduct regular vulnerability assessments.
  • Backup Systems: Maintain secure backups of critical data to minimize downtime.
  • Incident Response Plans: Develop and test plans to handle cyber incidents promptly.
  • Collaboration: Work closely with industry peers, government agencies, and cybersecurity experts.
  • Diversification: Ensure you / your RCM vendors have access to multiple clearinghouses and can easily pivot if a single clearinghouse has a significant outage in the future.


Assessing Your Overall Impact

Remember that this situation remains critical, and vigilance is crucial. Stay informed and adapt as needed to protect your operations and patients. Remember that proactive measures and collaboration are essential for navigating the aftermath of the cyber-attack.

If you have questions related to auditing and assessing the full impact of this disruption on your billing processes, don’t hesitate to schedule a free consultation with our RCM experts to learn more about how we can assist you.


General Items to Monitor in the Event of a Clearinghouse Attack

Below is a roundup of general items of concern to monitor moving forward as this issue continues to be resolved. This is a helpful checklist to reference in the event of future disruptions to your clearinghouse or billing partners.

Billing Disruptions:

  • Delayed submission of claims due to billing system outage.
  • Incomplete or inaccurate claims submissions resulting from manual processes.
  • Difficulty tracking claims status and identifying unpaid claims.

Cash Flow Impact:

  • Decreased cash flow due to delays in claim processing and reimbursement.
  • Inability to predict revenue due to uncertainty surrounding reimbursement timelines.
  • Difficulty meeting financial obligations such as payroll and operational expenses.

Claim Denials and Rejections:

  • Denials due to missing or incomplete patient information.
  • Denials related to coding errors or discrepancies.
  • Rejections due to outdated or invalid insurance information.
  • Denials for services not covered under patients’ insurance plans.
  • Denials for services deemed non-essential or elective during the outage period.

Increased Administrative Burden:

  • Manual verification of patient eligibility and insurance coverage.
  • Manual reconciliation of claims and payments without access to electronic systems.
  • Increased time and resources required for claim follow-up and appeals.

Patient Billing Issues:

  • Delayed or inaccurate patient billing statements.
  • Confusion among patients regarding outstanding balances and payment responsibilities.
  • Increased inquiries and disputes from patients regarding billed amounts and services provided.

Reimbursement Challenges:

  • Delayed or reduced reimbursements from insurance companies and government payers.
  • Difficulty reconciling payments received with billed services due to missing or delayed Electronic Remittance Advice (ERA).
  • Increased risk of underpayment or non-payment for services rendered during the outage period.
  • Increased risk of overpayment due to duplicated paper claim submissions and/or as a result of moving to an alternative clearinghouse during data transfer disruptions.

Revenue Leakage:

  • Missed opportunities for capturing charges or billing for services provided during the outage.
  • Incomplete or inaccurate documentation leading to missed revenue opportunities.
  • Failure to identify and address billing errors or discrepancies.

Compliance Risks:

  • Potential violations of regulatory requirements or contractual obligations due to billing inaccuracies or delays.
  • Increased risk of audit findings or penalties related to billing and reimbursement practices.

Patient Satisfaction and Trust:

  • Negative impact on patient satisfaction due to delays in claims processing and communication regarding billing issues.
  • Potential loss of patient trust and loyalty resulting from billing errors or perceived financial mismanagement.

Operational Disruptions:

  • Disruption of normal workflow and productivity due to manual billing processes and increased administrative workload.
  • Difficulty maintaining staff morale and motivation in the face of ongoing challenges and uncertainties.


Sharing is caring!