Introduction
In recent times, healthcare technology companies have become prime targets for cyberattacks, particularly ransomware incidents. These attacks have sent shockwaves through the healthcare sector, highlighting the vulnerability of its infrastructure.
Cyberattacks, including ransomware incidents, have increasingly targeted healthcare technology companies, causing significant disruptions across the healthcare sector. These disruptions have profound implications for healthcare providers, payers, and risk adjustment programs. The most recent attack on a major healthcare vendor—responsible for services such as payment and billing, prescription processing, and data analytics—underscores the vulnerability of the healthcare infrastructure. This technology firm’s significant reach, touching one in every three patient records, amplifies the potential impact of such breaches.
The Immediate Fallout for Healthcare Providers
For healthcare providers, the consequences of such attacks are immediate and multifaceted. Critical operations such as billing, eligibility checks, prior authorization requests, and prescription fulfillment have been disrupted. This not only affects the financial health of healthcare providers but also compromises patient care. The inability to verify insurance eligibility, for example, restricts providers’ capacity to accept new patients and manage ongoing care effectively. Such delays and disruptions directly impact patient access to necessary medical interventions and medications.
Impact on Payers and Risk Adjustment
The repercussions extend to payers and risk adjustment processes, particularly for those under tight deadlines for data submissions, such as the commercial Affordable Care Act (ACA) program. The interruption in data flow from providers to payers due to compromised clearinghouses can lead to significant delays in claims processing. For health plans participating in the ACA program, the mandated submission of data by April 30th, 2024, for the 2023 Dates of Service claims becomes a daunting challenge. The risk of not meeting this deadline poses a substantial threat to the accuracy and timeliness of risk adjustment payments, calculated by the end of June 2024.
The Butterfly Effect on Risk Adjustment Programs
The downstream impact of these cyberattacks on risk adjustment programs can be likened to a butterfly effect, where small initial discrepancies lead to significant unintended consequences. A potential drop in risk scores by 2-3% due to untimely data submissions could translate into millions of dollars in losses for health plans, especially for those with large member volumes. Each 1% change in risk score represents a significant financial stake for health plans, underscoring the critical nature of timely and accurate data submission.
Are We Prepared?
This situation raises important questions about preparedness and resilience in the face of cyber threats. It emphasizes the need for health plans and providers to:
- Maintain an inventory of monthly trending of encounter data received from providers, along with tracking anomalies and drops in data processing that includes both medical and pharmacy claims.
- Develop processes to support and collect data through alternative means if traditional clearinghouses are compromised, including supplemental data or alternate data submissions.
- Prepare to generate and submit XML data to Edge Servers if data is processed outside standard formats.
Given the severity of these impacts, one potential remedy could be to request an extension of timelines for 2023 data submissions from CMS, similar to the extension granted during the 2020-21 COVID-19 pandemic. This would allow health plans to assess the impact thoroughly and discuss the necessity of extending the data submission deadline beyond April 30, 2024.
The recent cyberattacks on healthcare technology providers serve as a stark reminder of the fragility of our healthcare data infrastructure. The far-reaching implications of such incidents underscore the need for robust cybersecurity measures, contingency planning, and flexible regulatory frameworks to mitigate the impacts of these disruptions on healthcare delivery and financial stability. As we navigate these challenges, it becomes increasingly clear that a collaborative effort between healthcare providers, payers, technology vendors, and regulatory bodies is essential to safeguard the integrity of our healthcare systems and ensure the continued delivery of high-quality care.
