Cyber-crimes in the healthcare industry are on the rise in the United States.

A recent attack on Change Healthcare, for instance, has resulted in the disruption of eligibility verification, prior authorization processing, and claims payments.  According to the UnitedHealth Group website: “there’s no indication that Optum, UnitedHealthcare and UnitedHealth Group systems have been affected by this issue.” However, our members may still be experiencing disruptions and have reached out to the NYSCA for direction in this matter. 

What does this attack mean for Insurers and Healthcare Providers?

According to UHG: “Change Healthcare recommends that providers use the applicable payer’s portal to check claim status, as well as complete eligibility verifications and prior authorizations.” Additionally, they have indicated that “temporary funding assistance is being provided through Optum Financial Services for provider organizations impacted by the payer system outage. Eligible providers can register at www.optum.com/temporaryfunding, using an Optum pay account without incurring fees or interest.”

Please visit https://www.unitedhealthgroup.com/changehealthcarecyberresponse for more FAQs related to this incident.

How can Providers protect themselves and their patients?

Awareness of potential sources of attacks is vital to protect yourself, your practice, and your patients against cyber attacks. NCMIC has provided several articles that bring attention to areas of concern and highlight steps individuals can take in minimizing the risks:

• Avoiding a Ransomware Attack
• Take These 3 Cybersecurity Steps to Help Protect Your Practice
• Four Ways to Help Defeat Cyber Attackers

HIPAA Compliance and Risk Assessments

An integral part of maintaining HIPAA compliance for your practice and protecting your patients’ Personal Health Information (PHI) is regularly conducting a comprehensive risk assessment to determine potential areas of vulnerability. (Is Your Chiropractic Office HIPAA Compliant? | ChiroHealthUSA)

‌This includes evaluating physical, technological, and administrative processes where your patient data may be at risk. There are many companies that offer  services to assist your practice in maintaining compliance, such as TLD Systems, HCSI Inc, and Compliancy Group.

NCMIC offers a free on-demand webinar to further assist you with HIPAA Awareness Training and Risk Assessment.

The NYSCA encourages you to take full advantage of these free online resources as you work to maintain HIPAA compliance and ensure your practice’s cyber security.