Medical providers remain in limbo as cyberattack impacts continue

4 person pose for a portrait
(From Left to Right) Kelly Johnson MA LMFT, Emily Benson MSW, LICSW, Katie Ducklow, MSW, LICSW and Adrienne Savor, MSW, LICSW pose for a portrait at Beginnings & Beyond, Play Therapy Minnesota on Wednesday in Edina.
Kerem Yücel | MPR News

In late February, Emily Benson noticed something strange: her counseling practice was getting no checks from insurance claims.

It was the start of a grating month and a half. Since then, her clinic in Edina has been making around five percent of the revenue it usually brings in. 

“It feels like COVID-19 all over again, but much, much worse,” Benson said.

Benson’s clinic, Beginnings and Beyond, took a hit after a cyberattack on a billing processing company called Change Healthcare. 

Create a More Connected Minnesota

MPR News is your trusted resource for the news you need. With your support, MPR News brings accessible, courageous journalism and authentic conversation to everyone - free of paywalls and barriers. Your gift makes a difference.

UnitedHealth Group — which owns Change — announced the attack on Feb. 21. It put providers and pharmacists nationwide in a bind. Change was a major hub in the insurance pipeline, processing about $1.5 trillion in claims per year.

After the hack, the system went down. Existing claims stalled, and new claims would not go through.

“Everything just went dark,” Benson said. “No income was coming in at all.”

Benson has been struggling to make rent and payroll. She had to request leniency on her rent in February and is considering taking out a home equity loan to close the gap.

“It’s pretty dire,” Benson said. “I know I’m not alone.”

Clinicians across the country say they are facing similar shortfalls.

Dr. Rachelle Hansen owns Stepping Stone Clinic, a psychology practice in Richfield with about 40 employees. About one month after the cyberattack, her clinic’s revenue had dropped about 70 percent.

Hansen said the struggle continues for some small clinics like hers. 

“It doesn’t just affect me, it affects my whole staff and being able to pay them,” Hansen said. “I’m not big enough to have big pockets of cash sitting around.”

A sign is seen
Sign for Beginnings & Beyond, Play Therapy Minnesota, seen on Wednesday, in Edina.
Kerem Yücel | MPR News

In March, UnitedHealth Group announced a temporary loan program for providers impacted by the cyberattack. So far, that program has fronted about $4.7 billion in no-interest loans to providers. The company launched a web page with updates and information for providers.

But for Hansen, the loan program has not closed the gap.

Hansen applied once and was denied; she applied a second time and said she was offered a $240 loan, with an option to reapply every week. She said that is a small fraction of the weekly revenue she is missing and comes with the added work of applications, re-applications, and a slew of paperwork.

Benson first took out a loan from UnitedHealth Group. Then, once the temporary funding came online, she took out a loan from that fund, too. 

Paul Jonas runs BreezyBilling, which helps clinics and practitioners file claims. His clients have had issues with the loans, too.

“I had stories of people getting pennies on the dollar of what they would have needed to keep operations open,” Jonas said. 

He said some clients turned to their credit cards and personal funds to maintain their businesses. 

In a letter to UnitedHealth Group, the American Hospital Association called the program “not even a band-aid” to the problem. 

UnitedHealth Group said it is still advancing more funds to providers through a restoration of the system.

“We know this has been an enormous challenge for health care providers and we encourage any in need to contact us,” said Andrew Witty, CEO of UnitedHealth Group, in a written statement in March.

Emily Benson poses for a portrait
Emily Benson MSW, LICSW, poses for a portrait at Beginnings & Beyond, Play Therapy Minnesota, on Wednesday, in Edina.
Kerem Yücel | MPR News

For some clinicians, figuring out workarounds and switching to different services that do not use Change has taken up many hours. 

Benson considered filing claims by hand, but does not have an administrative staff to help with that sort of undertaking.

“That’s not sustainable for one person with eight clinicians,” Benson said.

UnitedHealth has made progress recently in recovering. On March 27, the company said claims were once again flowing through the Change network.

But there is still a backup. Hansen said she’s now earning about half of her normal revenue.

“It feels a little unnecessary,” Hansen said. “These are companies with billions of dollars a year, and they have the data, and they also have the money to be able to do a quick fix.”

Benson said she has not been able to charge some people since the problem started, since it is unclear what some patients owe. Early on, she sent a letter to patients explaining the situation.

“We’re going to be billing families thousands of dollars at once,” Benson said. “I’m really worried about that.”

Cyberattacks on health care organizations are a growing concern; with huge amounts of patient data, they have become targets for hackers seeking ransoms. In February, an Eden Prairie radiology company was hit by an attack, forcing some clinics to divert their patients to other places.

UnitedHealth says it’s working with top cyber security teams after the hack.

Hansen wants to see greater cyber security measures in place, as well as clearer directions for clinicians if something like this happens again.

“I’m hoping this creates a bigger conversation,” Hansen said. “I would like us to really take a big look at conglomerate health care systems, and what that impact is on patient care.”