By: Dyana Williams, Director, Lighthouse RCM Solutions
The healthcare industry continues to face an increasing number of cybersecurity threats, and the fallout from these breaches can extend far beyond immediate downtime. The Ascension cyberattack in May 2024 serves as a stark reminder of just how vulnerable healthcare systems are and the ripple effects that impact everything from patient care to revenue cycles.
One of our clients at Lighthouse Lab Services has faced considerable billing and reimbursement challenges stemming from the outage. And even though transitioning to a new billing vendor during the 3rd quarter of 2024 was the right move for the client for various reasons, it added complexity to the effort of addressing these issues. Their story is a perfect example of how cybersecurity failures don’t just disrupt hospital operations but create long-term financial and administrative burdens.
Onboarding Challenges Amidst a Billing Crisis
We were fully aware that onboarding this client would be complex due to the volume of backlog cases. The new vendor had to manually input all the information associated with those cases, adding another layer of difficulty. When they took over, this region of Ascension was only just beginning to come back online. This meant that the biller had to manage three separate onboarding processes simultaneously: Current volumes of Anatomic Pathology (AP), Professional Component of Clinical Pathology (PCCP) cases, as well as the manual entry of downtime demographics and charges. Balancing these competing priorities while ensuring accurate claim submission and reimbursement in this situation has been an ongoing challenge.
RELATED VIDEO: What Healthcare providers and Billers Can Learn from the Change Healthcare Cyber Attack
The Fallout: 5,000+ Timely Filing Denials
As a direct result of the Ascension breach and the resulting billing chaos, this client has received nearly 5,000 Timely Filing Limit (TFL) denials over the past six months on approximately $1.5M in billed services. The majority of these denials stem from cases that originated during the downtime period, where submission deadlines were missed or claims lacked necessary documentation due to system unavailability. The financial impact has been significant, and payer response has been a mixed bag of approvals, denials, and prolonged appeals, making financial recovery unpredictable.
Payer Responses: The Good, the Bad, and the Bureaucratic
Our client’s billing vendor has been actively working with payers to resolve these denials, requesting that they process all downtime cases in bulk rather than forcing manual appeals on thousands of individual claims. Some payers have been cooperative, while others have proven frustratingly rigid in their policies:
- United Healthcare: While initial appeals were denied, the billing vendor has had some success submitting formal appeals individually. A UHC representative recently indicated a willingness to push for bulk reprocessing, which offers a glimmer of hope.
- Aetna: Aetna’s process is bureaucratic, requiring faxed spreadsheets and limiting customer service reps to handling only three claims per call. Finding a dedicated and proactive representative is proving to be instrumental in pushing claims through. With that said, the manual nature of this process is unsustainable.
- Cigna: Cigna required spreadsheets to be faxed in early January, with no response as of mid-February, highlighting an all-too-common lack of urgency from payers.
- UMR: UMR outright refuses to pull denials on their end, instead requiring individual appeals through the payer portal. This is another example of unnecessary administrative burden.
- Blue Cross Blue Shield: BCBS is perhaps the least cooperative, insisting that spreadsheets be mailed — a completely impractical request in a digital age. The billing vendor is still working to find a better contact or alternative solution.
- Network Health: This payer has at least acknowledged the spreadsheet submission and is in the process of reviewing claims.
The Bigger Picture: Cybersecurity and Administrative Burden
The unwillingness of some payers to process claims efficiently in the aftermath of a cybersecurity disaster raises serious concerns. In an era where cyberattacks on healthcare are becoming more frequent and sophisticated, there should be industry-wide contingency plans in place to handle these disruptions. Instead, providers are left to fight uphill battles for reimbursement, adding administrative burden and financial strain to an already fragile system.
Billing vendors and provider organizations cannot bear the full weight of these cybersecurity failures alone. Payers must be held accountable for creating reasonable pathways for bulk reprocessing in situations like these. A rigid, red-tape-laden response only exacerbates the impact of a cyberattack and forces providers to divert resources away from patient care.
Moving Forward
Progress on resolving these denials has been slow but steady. The billing vendor now has all necessary spreadsheets in place, and the top payers are at least engaged in some form of reprocessing. However, as seen with BCBS and UMR, the reluctance of some payers to participate in meaningful resolutions remains a major challenge.
The key takeaway here is that cybersecurity breaches in healthcare don’t just cause temporary operational disruptions; they create long-term financial and administrative chaos that lingers for months, if not years. Until the industry takes a unified approach to handling these disruptions, including requiring payers to be part of the solution rather than part of the problem, healthcare providers will continue to bear the burden.
The fight for fair reimbursement after a cyberattack shouldn’t be this hard. But as we’ve seen with this client, persistence, advocacy, and a strategic approach can make a difference. Lighthouse RCM Solutions will continue to push forward, ensuring that those impacted by the Ascension breach (and any future cyber incidents) are not left to fend for themselves.
Contact us today for a complimentary consultation.