UnitedHealth Group (UHG) is slowly bringing its clearinghouse network back online as it continues its response to the cyberattack that occurred over a month ago. According to its webpage dedicated to the cyberattack, UHG has restored connectivity for its Assurance and Relay Exchange services. Restoring these functions should allow for pre-cyberattack transaction volumes. The website includes a list of payers that have reconnected to Relay Exchange.
However, having the functionality is only one part of the process. These systems only facilitate the transactions. While providers are eager to begin using the system to submit claims and receive payments and ERAs, payers must also reconnect to the system. Some payers are proceeding cautiously out of concern that their systems could be exposed to the same ransomware if UHG did not adequately remove the malicious code. UHG is going to great lengths to emphasize the safety of its network by providing third-party attestations from the cybersecurity firms it hired to help it respond to the attack.
UHG has also provided a timeline for how it will restore various systems over the next few weeks.
Temporary financial assistance programs remain available to providers even as connectivity to these systems is restored. Information about these programs is available on the UHG webpage.
The Centers for Medicare and Medicaid Services (CMS) has also made financial assistance available through advanced and accelerated payments.
While progress has been made, it will likely be a few more weeks before Change Healthcare is fully restored.
Restoring services is by no means the end of this story. UHG also is facing a HIPAA privacy and security investigation by the HHS Office of Civil Rights (OCR), a federal antitrust investigation, and multiple lawsuits from impacted stakeholders.
The federal government has used this cyberattack to reemphasize the importance of cybersecurity in healthcare. The Department of Health and Human Services (HHS) has gone to great lengths to remind stakeholders about cybersecurity resources it has available.
On March 22nd, Senator Mark Warner (D-VA) introduced legislation that would require advance and accelerated payments to healthcare providers following a cyber incident. However, to be eligible for these payments providers and their vendors would have to meet minimum cybersecurity requirements.
ADVOCATE will share additional information with clients and friends as it becomes available on this and other Healthcare news.
Kirk Reinitz, President