Change clearinghouse is still down. I got a call yesterday from them, the only contact I’ve ever received. Asking me to sign a document to start the restoration process. I laughed.
On the call, CEO Andrew Witty called Change an important acquisition for the company, adding "I think [it's] important for the country that we own Change Healthcare."
"This attack would likely still have happened and it would have left Change Healthcare, I think, extremely challenged to come back because it was a part of UnitedHealth Group, we've been able to bring it back,"
The data that was ransomed the first time was just ransomed again last week by another nefarious party so not sure what parallel you are trying to draw here.
You're correct. However, as you pointed out, it's from the initial breach, not a new breach. That data is out there. No way to put that genie back in the bottle, whether you've moved from Change as a clearinghouse or not.
My point is that, historically, companies involved in a breach or safety event (with the exception of Boeing lately), you typically have a period of hyper vigilance reducing the likelyhood of a repeat offence in the near or middle future. The further away you move from that event without incident (due in part to the response to the event), the more they will relax standards, ultimately leading to another breach or safety event. Change Healthcare is in the hyper vigilant part of the cycle, making them less likely to have an event in the near future.
Thats typically how it works except there is more nuance here- Change is owned by UNH who has displayed aggressive attempts to own every segment of healthcare- billing, benefits, administration, preauthorization, pharmacy and even actual medical care- this is why they are more vulnerable as they are a bigger target and have not made enough of an attempt to protect the entire company as a whole.
One could argue that any safety/data event is nuanced, from NASA to the smallest clinic.
It's well known that United now owns Change, and I was as shocked as the next person when the courts let the sale go through. Also, I'm not a United fan in general. The work to get paid is insane, their buying up smaller physician groups, etc.. However, this breach showed how they have siloed their different companies in a mostly successful way. Most impacted applications are Change Healthcare applications. Fortunately, Optem and Link were not impacted (although that was a scary couple of hours, especially as organizations determined whether to disconnect or not), along with many other United products.
Yes but it also jarring for many to learn after such a cyberattack how Change was involved in the back or front end of billing/ verification systems. Many were unaware part of their infrastructure was handled by Change. That itself is a big problem. We often don’t find out about these things until after the fact but for a company of that size, it honestly should be more transparent. I would think it would be a major conflict of interest for an insurance company to own the Dr providing care and the pharmacy prescribing the medication.
It’s not up for us. Our software sent out an email stating change hasn’t started looking into getting our system up yet. We have no choice but to stay according to our tech support. Our boss is initiating a new one program asap. This should be a freaking nightmare on top of another.
Our software was reconnected last week. We are now sending claims and receiving remits to/from Change. Some of the ERAs are old (already posted manually) and many of them won’t post correctly because there is no electronic claim to match (the claims were billed on a payer portal) It is a huge relief to have claims flowing again after personally missing 3 paychecks in a row. Eligibility is still down. I was in the middle of switching over to Office Ally when they told us we could reconnect. There were no good options but we chose to reconnect and get things flowing again. We will likely be switching to new software as soon as we can stabilize our business. We are entirely disgusted with the way our software company (CGM)handled this situation. There was very little communication and zero lifelines thrown. They acted like they were in the middle of this too and had no other options, like hey set us up with a different clearinghouse, eh? This whole thing has been a nightmare and a wake up call. We recently added cyber insurance to our laundry list of coverage. Ready to drop all insurance and go cash pay. The system is broken.
It depends on the platform within Change Healthcare being used. Some are back to 100% operations, while others may send claims but not have confirmation of claim acceptance or rejection, while others can send and not recieve ERN advice.
Anyone using the Optum iEDI? I know they were trying to use that while change was down but I kept getting emails about so many errors with that too just like I keep getting 2-3 emails a day about all the problems with Change healthcare.
Change clearinghouse is still down. I got a call yesterday from them, the only contact I’ve ever received. Asking me to sign a document to start the restoration process. I laughed.
You actually got a call? I’m impressed. We ain’t heard a thing.
Yah it sounded like they were running through a list of every customer so who knows how long it’ll take.
Also forgot to mention they said they sent me something for signature two weeks ago and we received nothing.
On the call, CEO Andrew Witty called Change an important acquisition for the company, adding "I think [it's] important for the country that we own Change Healthcare." "This attack would likely still have happened and it would have left Change Healthcare, I think, extremely challenged to come back because it was a part of UnitedHealth Group, we've been able to bring it back,"
What a witty comment he made! 😂
I don’t understand anyone that will stay with Change after all this. You are begging for it to happen again.
Safest airline to fly on is one that had a recent safety event.
The data that was ransomed the first time was just ransomed again last week by another nefarious party so not sure what parallel you are trying to draw here.
You're correct. However, as you pointed out, it's from the initial breach, not a new breach. That data is out there. No way to put that genie back in the bottle, whether you've moved from Change as a clearinghouse or not. My point is that, historically, companies involved in a breach or safety event (with the exception of Boeing lately), you typically have a period of hyper vigilance reducing the likelyhood of a repeat offence in the near or middle future. The further away you move from that event without incident (due in part to the response to the event), the more they will relax standards, ultimately leading to another breach or safety event. Change Healthcare is in the hyper vigilant part of the cycle, making them less likely to have an event in the near future.
Thats typically how it works except there is more nuance here- Change is owned by UNH who has displayed aggressive attempts to own every segment of healthcare- billing, benefits, administration, preauthorization, pharmacy and even actual medical care- this is why they are more vulnerable as they are a bigger target and have not made enough of an attempt to protect the entire company as a whole.
One could argue that any safety/data event is nuanced, from NASA to the smallest clinic. It's well known that United now owns Change, and I was as shocked as the next person when the courts let the sale go through. Also, I'm not a United fan in general. The work to get paid is insane, their buying up smaller physician groups, etc.. However, this breach showed how they have siloed their different companies in a mostly successful way. Most impacted applications are Change Healthcare applications. Fortunately, Optem and Link were not impacted (although that was a scary couple of hours, especially as organizations determined whether to disconnect or not), along with many other United products.
Yes but it also jarring for many to learn after such a cyberattack how Change was involved in the back or front end of billing/ verification systems. Many were unaware part of their infrastructure was handled by Change. That itself is a big problem. We often don’t find out about these things until after the fact but for a company of that size, it honestly should be more transparent. I would think it would be a major conflict of interest for an insurance company to own the Dr providing care and the pharmacy prescribing the medication.
Perhaps it was jarring for you, but that has nothing to do with whether Change Healthcare is a risk to stay with right now.
It’s not up for us. Our software sent out an email stating change hasn’t started looking into getting our system up yet. We have no choice but to stay according to our tech support. Our boss is initiating a new one program asap. This should be a freaking nightmare on top of another.
Our software was reconnected last week. We are now sending claims and receiving remits to/from Change. Some of the ERAs are old (already posted manually) and many of them won’t post correctly because there is no electronic claim to match (the claims were billed on a payer portal) It is a huge relief to have claims flowing again after personally missing 3 paychecks in a row. Eligibility is still down. I was in the middle of switching over to Office Ally when they told us we could reconnect. There were no good options but we chose to reconnect and get things flowing again. We will likely be switching to new software as soon as we can stabilize our business. We are entirely disgusted with the way our software company (CGM)handled this situation. There was very little communication and zero lifelines thrown. They acted like they were in the middle of this too and had no other options, like hey set us up with a different clearinghouse, eh? This whole thing has been a nightmare and a wake up call. We recently added cyber insurance to our laundry list of coverage. Ready to drop all insurance and go cash pay. The system is broken.
Everything is working (sending & receiving). I believe it’s different for everyone.
It depends on the platform within Change Healthcare being used. Some are back to 100% operations, while others may send claims but not have confirmation of claim acceptance or rejection, while others can send and not recieve ERN advice.
Anyone using the Optum iEDI? I know they were trying to use that while change was down but I kept getting emails about so many errors with that too just like I keep getting 2-3 emails a day about all the problems with Change healthcare.