A massive cyberattack has some Arizona health providers reeling. Here's what we know

Stephanie Innes, Arizona Republic
·4 min read

Some Arizona health providers, particularly those who serve low-income patients, are taking a financial hit from a massive cyberattack that paralyzed one of the country's largest claims and billing systems, physician groups say.

Arizona providers are among those nationwide who are calling for more attention to the cyberattack for creating a problem that, according to the American Medical Association, has "severely hampered physicians' ability to care for patients" and is "straining viability of medical practices."

Smaller clinics, including independent physician practices that serve a large number of patients enrolled in Medicaid, are taking the brunt of the attack's effects, according to Dr. William C. Thompson, who is president of the Arizona Medical Association.

Providers affected by the attack, which happened in late February, "are strategizing on how to keep the lights on, as the attack has blocked timely payments for physicians from insurers," he wrote in an emailed statement.

The Arizona Medical Association, which is the largest physician-led organization in the state, says it is encouraging impacted providers to contact their payer representatives to request advanced payments, alternative clearinghouses and relaxed prior authorization approvals.

Change Healthcare is owned by UnitedHealth Group, which said March 7 it is working at restoring its systems, but that its payments platform won't be functional until March 15. The plan is to begin connectivity testing for its claims network and software on March 18, "restoring service through that week," the company statement says.

Stethoscope and a clipboard
Stethoscope and a clipboard

The Change Healthcare cyberattack is "severely impacting physicians and patient care across the state, according to Thompson. "The Arizona Medical Association has received reports of clinics being unable to complete routine operations required by insurers — everything from prior authorization approvals for treatments to determining insurance eligibility for patients."

'We've all come to depend on it'

In an emailed statement, the Maricopa County Medical Society said that multiple areas of claims and billing have been affected locally, including telemedicine, outpatient, inpatient and prescriptions.

A statement from Rhode Island-based CVS says that while it is continuing to fill prescriptions following the cyberattack, "in a small number of cases we are not able to process insurance claims or copay coupons, which our business continuity plan is addressing to ensure patients continue to have access to their medications."

Pediatrix, a pediatrics provider with two clinics in the Valley, has had to withdraw funds from its line of credit to make payments that can't be delayed, including payroll and utilities, practice manager Jay Caruthers said. Payments to some vendors have been indefinitely delayed, Caruthers said.

Change Healthcare is generally a good product, which is what is making the cyberattack so difficult, Caruthers said.

"We've all come to depend on it. It's a significant part of what we do in the field," he said. "In the past five to 10 years we have become so dependent on the technology. In the past we did manual claims and called the insurance company. ... We no longer have those old ways, or the staffing power to do that."

Some providers complain that Change Healthcare has not been communicative enough with information about the attack. Caruthers told The Arizona Republic that his practice learned about the cyberattack from the pharmacies that they work with, not from Change Healthcare. Rather, they thought there was something wrong with their prescription software.

Physicians seeking post-attack help from the federal government

The cyberattack has amplified the vulnerability of a system "that has been overwhelmed with unsustainable pressurefor decades," Maricopa County Medical Society CEO and executive director Desire'e Hardge wrote in an emailed statement.

"Compounded with physician burnout, Medicare physician payment cuts, workforce storage,and everything in between, the pot is boiling over," Hardge wrote.

The American Medical Association on March 1 sent a letter to U.S. Health and Human Services Secretary Xavier Becerra urging his federal agency to "use all its available authorities to ensure that physician practices can continue to function, and patients can continue to receive the care they need."

Caruthers, the Pediatrix practice manager, is concerned about future hacks on large systems like Change Healthcare, which he characterizes as a claims "clearinghouse."

"The hackers have always gone after individual entities in health care like hospitals and pharmacy companies. But I think they found a pressure point with these clearinghouses," he said.

"The clearinghouses are the matrix. They are the thing that's in between that has all these little spokes, and is kind of how all of us communicate. That's my biggest fear. ... The reality is hackers have found this is a sensitive spot within our health care system and I'm sure they'll take advantage of this again."

Reach health care reporter Stephanie Innes at Stephanie.Innes@gannett.com or at 602-444-8369. Follow her on X @stephanieinnes.

This article originally appeared on Arizona Republic: Cyberattack hurts Arizona health providers. Here's what to know