Change Cyberattack Could Damage Credit At Small Providers: Fitch

Dive Brief:

• The cyberattack against Change Healthcare could damage the credit of smaller providers, pharmacies and other healthcare organizations that rely on the UnitedHealth-owned technology company for financial services, according to a Monday report from Fitch Ratings.
• Small companies likely already have worse credit ratings and may have less flexibility to absorb even temporary disruptions to their cash flows, Fitch said. Organizations with higher ratings, which are often public companies, could probably withstand these challenges, but industry watchers will learn more when they report first quarter financial results. 
• The Fitch report comes as the federal government and fellow credit ratings agency Moody’s Ratings have raised concerns about the financial strain on smaller providers caused by the weeks-long outage at Change.  

Dive Insight:

UnitedHealth said it’s made progress restoring Change systems, which have been disrupted since late February. On Monday, the company reported its medical claims preparation software was back online, and it had begun testing and implementation with its first providers. On Friday, Change’s electronic payment platform was restored.

But some providers fear longer-term effects from the outage. A survey conducted this month by the American Hospital Association found 44% of hospitals expected the negative revenue impact to last for two to four more months.

Larger, publicly traded companies have mostly not submitted filings with the Securities and Exchange Commission related to Change, suggesting they don’t view the attack as a significant event for their shareholders, Fitch said in its report. 

Moody’s noted that smaller, financially weak providers who rely on Change alone for filing claims are at the highest risk, while larger organizations with good liquidity could more easily weather the outage.

Officials from the White House and the HHS have called on payers to support providers, particularly by targeting advance payments to small, rural and safety-net organizations.

The Change attack comes as cybersecurity remains a more pressing concern for the healthcare sector. In 2022, Fitch released a report on the credit risk of cyberattacks in the industry, noting the increasing frequency and severity of attacks represents a potential financial and reputational hit to healthcare companies.