How a cyberattack is inspiring a better health care system

Jason Considine: ©Experian Health

The aftermath of a significant cyberattack that recently crippled the health care industry is acting as a catalyst for progressive change and sparking important conversations surrounding innovation with a particular focus on the importance of resilience.

One of the nation’s largest clearinghouses was hit with a cyberattack that caused a ripple effect across the industry’s financial infrastructure, impacting everything from claims, patient eligibility, and authorizations, causing organizations to default back to manual processes like phone calls and faxes, all of which led to a halt in payments to providers that, in turn, led to massive disruption in revenue cycle operations and cash flow. The American Hospital Association (AHA) has called the cyberattack “the most significant cyberattack on the U.S. health care system in American history,” and an AHA survey details the results: 94% of operators are reporting financial impact, with more than half reporting “significant or serious” impact. Of the 82% of hospitals reporting impacts on their cash flow, nearly 60% report that the impact to revenue is $1 million per day or greater.

Now the industry is facing far-reaching implications and it’s time to make much-needed changes. The cyberattack exposed weaknesses that go beyond the claims denial crisis that must be addressed together as an industry.

Need for modernization

Frustration surrounding claims management, specifically authorizations and denials, is not new. In recent years, the industry has seen artificial intelligence (AI) and automation work their way into the health care ecosystem and make headway. Experian Health’s 2024 State of Patient Access found that some of the top challenges for providers are efficient authorizations and improving speed and accuracy of patient information prior to claim submissions. In fact, 49% of providers say patient information errors are a primary cause of denied claims. With AI tools working to prevent claim denials and spot claim errors before submission to the payer, and automation tools capturing patient data at registration in just seconds, we’re slowly but surely witnessing more acceptance of this technology and seeing its benefits.

Further modernization of the health care revenue cycle and ecosystem needs to remain a focus. The widespread reach paired with the gravity of the results of the cyberattack took the industry by surprise and shed more light on the systems and processes that limit the way the ecosystem can respond and recover from such an attack. Providers frantically searched for ways to work around what the attack had set in motion and quickly recognized the significant challenges they faced ahead.

There is room to improve processes and safeguard the industry from this type of crisis occurring again, and the technology that can do just that already exists. For example, vendors specializing in claims management have AI-powered tools to prevent denied claims and the ability to scale in order to process massive amounts of claims without delaying payments for providers. Stakeholders across the industry are recognizing the glaring need to diversify reimbursement options and foster a more resilient ecosystem that can withstand unforeseen disruptions.

Payer exclusivity and clearinghouses

Lawmakers recently met and focused on the risks of “massive vertical integration” in the health care system. Congressman Frank Pallone pointed to his concern “that there are fewer redundancies in our system and more vulnerability to the entire system” if large entities with immense control within the ecosystem are compromised.

This event put a spotlight on payer exclusivity which can put the entire industry at risk when there is only one pathway to any given payer. There should be no exclusive connections to a payer through one clearinghouse. We need alternative routes for providers which would de-risk the amount of time providers aren’t able to submit a claim and get services back online through other channels.

Enrollment process

This cybersecurity incident also exposed and highlighted another issue that providers and the industry as a whole have been challenged with for years—the antiquated enrollment process. Many payers still require paper enrollment documentation in order to transmit claims through a new clearinghouse. In addition, all payers require enrollment documentation for electronic payments and only allow a provider to be enrolled to receive payments through a single clearinghouse. Under normal circumstances, it can take months for a payer to process the required enrollment paperwork required for a provider to electronically transmit claims and receive electronic payments. With the volume of enrollments occurring during this cybersecurity incident, this process took even longer.

The technology is available to make the enrollment process more efficient and less labor intensive. The question is, is there a desire to make it better? The industry needs a modernized payer enrollment process that allows enrollments to be processed in days versus months, which would enable providers to migrate their claims and payment transactions to an alternative option and restore cash flow in just days.

Invest in solutions that work

To better serve patients, providers and payers need a seamless working relationship. The industry has learned some valuable lessons in the aftermath of this cyberattack. The biggest lesson? Despite all the talk and use of technology, America’s health care payment processes are still woefully manual, insidiously complex, and outdated. When we really apply ourselves and the advanced technology solutions available, amazing things are possible.

This cyberattack highlighted a significant pain point in the health care ecosystem, but it’s just one of the factors. The pandemic, ongoing staffing shortages, and claims management issues all expose the problems associated with antiquated processes in our health care system and just how much opportunity still lies ahead for digital transformation. The hope is that this cyberattack acts as a positive catalyst for change and progress toward the modernization we need for a seamless revenue cycle.

Jason Considine is the Chief Commercial Officer at Experian Health.