Date: 2025-03-03

The Change Healthcare cyberattack hit the healthcare sector on Feb. 21, 2024, but its effects lasted far beyond that day. From large health systems to independent practices, providers and patients alike felt the effects of the cyberattack perpetrated by BlackCat/ALPHV cyberthreat actors for weeks, experiencing delays in authorizations for care and operational and financial disruptions.

Change Healthcare, a clearinghouse that is part of Optum and owned by UnitedHealth Group, processes 15 billion healthcare transactions annually. The revenue cycle departments within healthcare organizations were hit especially hard when one of their key tools was suddenly unavailable.

Nearly 75% of the approximately 1,000 hospitals surveyed by the American Hospital Association in March 2024 reported direct patient care impact as a result of the cyberattack, and 60% reported requiring two weeks to three months to resume normal operations. About 33% of respondents said that the attack disrupted more than half of their revenue.

OhioHealth was one of those hospitals that felt the impacts of last year's cyberattack.

"We were basically a single-source clearinghouse across all of our 16 hospitals and over 200 ambulatory sites," said Girish Dighe, vice president of revenue cycle at OhioHealth.

"So, hospital billing operations, professional billing operations, ran through that clearinghouse. We also did have some real-time eligibility and insurance verification processes with them as well too. But the main driver when it comes to revenue cycle and cashflow collections was the clearinghouse."

In the year since the cyberattack began, Dighe, like other healthcare leaders, has reflected on the decisions made in the early days of the Change Healthcare cyberattack, emerging with lessons learned and advice for fellow leaders.

Using a cyber risk playbook to guide incident response

OhioHealth is a nonprofit health system in Central Ohio that submits approximately 8.3 million claims per year across its network of hospitals, ambulatory sites and other services. Months prior to the Change Healthcare cyberattack, Dighe and his team had already put together a cyber risk management playbook specifically around cyber risk for the revenue cycle.

"That essentially means not just downtime procedures for any type of outage, but more of a longer-term downtime and how we would understand our primary systems, secondary systems, communication pathways and things across the revenue cycle components, whether it's coding, HIM, AR management or cash posting," Dighe explained.

"So, we were lucky to have that. That immediately put us into a mode of action to use our playbook that we created."

Essentially, Dighe and his colleagues had already worked to figure out how to navigate cashflow disruptions in the event of a cyberattack, which gave them a solid starting point to respond to this incident.

The team also conducted simulations across the organization to see how cyber risks would affect different areas of the business, such as revenue cycle, scheduling teams, clinical services and pharmacy. Through these simulations, Dighe said he gained an appreciation for the cyber risk management practices that the organization maintained while getting visibility into remaining gaps.

Dighe emphasized the importance of working with your organization's IT architecture and engineering teams to truly understand the technical system integrations from an IT perspective. What's more, Dighe emphasized that each organization's approach to cyber risk management and the creation of a playbook will vary based on factors like organization size and system complexity.

"I think it's important for folks to know that everybody's cybersecurity risk protocols are going to be different at their organizations. Everybody's tolerance is very different," Dighe said.