Some Blue Cross Blue Shield plans are reconnecting to Change Healthcare's platforms and other plans are not, the BCBS Association told lawmakers April 16.
In testimony submitted to the House Energy and Commerce Committee, David Merritt, senior vice president of policy and advocacy for the association, wrote that "strong, independent attestations" that Change's systems are secure are a top priority for payers and providers.
"While some BCBS Plans are in the process of reconnecting to individual Change applications, others are not — citing a lack of engagement or direction from Change Healthcare as well as the lack of detailed, independent attestations that each system they bring back online is safe for reconnection," Mr. Merritt wrote.
On April 16, the House Energy and Commerce Committee held a hearing probing the cyberattack that brought down Change Healthcare's systems for several weeks. No representatives of UnitedHealth Group, which owns Change Healthcare, attended the hearing.
Most of Change Healthcare's systems have been partially or fully restored as of April 16, according to its website. A few systems are still awaiting restoration.
"We rapidly deployed resources to develop alternative solutions and move promptly to restore claims and payment services," UnitedHealth Group CEO Andrew Witty told investors April 16. "We've made substantial progress, and we will not rest until care providers' connectivity needs are met."
In his testimony, Mr. Merritt wrote that with a few exceptions, claims volumes for BCBS plans are at or above normal levels. Plans supported affected providers by facilitating transitions to more than 50 alternative clearinghouses and providing advanced payments and flexibilities to providers.
Change Healthcare, the largest claims clearinghouse in the U.S., was first hacked by a ransomware group Feb. 21, leading to widespread disruptions across the healthcare system. According to the American Hospital Association, more than half of hospitals have reported a "significant or serious" financial impact from the hack.
The BCBSA has not received information from Change Healthcare on the extent to which BCBS member information was exposed in the breach, Mr. Merritt wrote.
A ransomware group posted patient records and contracts purportedly stolen in the hack to the dark web, according to TechCrunch. The group claims to have 4 terabytes of data stolen from Change.
"As we wait for Change to disclose more details on the scope of the affected data, it is important to note that under the current notification rules, there is the real potential that patients could become inundated with conflicting information, confusing updates and multiple notifications," he said.
If notifications are not streamlined, patients could receive multiple data breach notifications from insurers, providers and pharmacies affected by the hack, according to the BCBSA.
The hack, the largest-ever cyberattack on the U.S. healthcare system, is a "clear call for everyone in healthcare" to strengthen their security, Mr. Merritt said.
"We are evaluating steps that could be taken to improve communication across the private and public sectors and create resiliency and redundancy in operations," he said. "If done properly across the industry, we can be more confident that an attack on a single entity does not create mass disruption for the entire system."
Becker's has reached out to UnitedHealth Group for comment and will update this article if more information becomes available.