U.S. health systems still struggle after Change Healthcare cyberattack
CHICAGO, UNITED STATES — Six months after the cyberattack on Change Healthcare, numerous health systems are still dealing with missing payments for patient encounters dating back to February.
A report by Strata Decision Technology describes this incident as one of the most consequential cybersecurity events in U.S. healthcare history
Small hospitals hit hardest
The report, which analyzed data from over 1,600 hospitals, reveals that smaller health systems are experiencing the most prolonged financial impacts. These institutions are still missing about 3% to 5% of their expected net revenue from February patient encounters.
Specifically, the smallest health systems, with annual operating expenses under $500 million, face an estimated shortfall of 11.1% in missing payments for Medicare inpatient services from February
Larger systems show signs of recovery
In contrast, larger health systems, despite initially suffering significant revenue losses, have managed to close most of the payment gaps by the end of the second quarter.
Health systems with operating expenses between $1 billion and $2.5 billion had a payment shortfall of 18.2% at the end of the first quarter, which has since been reduced to 4.3%.
Similarly, the largest systems with expenses over $2.5 billion saw their shortfall decrease from 20.3% to 5.5%
Challenges persist despite recovery efforts
Strata Decision Technology Chief Data and Intelligence Officer Steve Wasson stated, “Health systems nationwide felt the repercussions of missing and delayed payments throughout the first half of 2024, but many larger systems were able to narrow those gaps by the end of the second quarter.”
Despite efforts such as bridge payments and accelerated payments from some payers, smaller health systems continue to struggle due to their limited resources to manage such disruptions.
Long-term implications for healthcare
The lingering effects of the cyberattack highlight vulnerabilities within healthcare payment systems and emphasize the need for strong cybersecurity measures.
The ongoing financial strain on smaller health systems could have broader implications for healthcare delivery and access, particularly in underserved areas where these systems often operate.
As the healthcare industry continues to recover from this unprecedented event, it remains crucial for health systems to enhance their cybersecurity defenses to prevent future disruptions and ensure financial stability. The situation highlights the importance of strategic planning and investment in technology to safeguard against similar incidents in the future.
