Small, Financially Struggling Providers At Risk From Change Cyberattack: Moody’s

An article from

Dive Brief:

• Small providers with weak finances are most likely to struggle from disruption caused by the cyberattack against Change Healthcare, according to a Friday report from Moody’s Investors Service.
• Rated nonprofit and for-profit hospitals will likely be able to handle the financial challenges caused by the attack on UnitedHealth-owned Change, since they generally have good liquidity and can access short-term loans, the credit ratings agency said. 
• But larger providers with thin margins could eventually run low on cash, particularly if UnitedHealth Group is unable to restore Change systems by mid-March as expected.

Dive Insight:

The cyberattack against Change has disrupted the healthcare industry for nearly three weeks, creating a range of financial and operational challenges for providers. 

Change, which was acquired by insurer UnitedHealth in 2022, handles billions of healthcare transactions annually and impacts a third of patient records, according to a letter from the American Hospital Association.

Providers have said receiving payment from patients and insurers, verifying coverage, submitting prior authorization requests or exchanging clinical records has been affected by the outage. Workarounds to affected systems are also time-consuming, adding extra work for providers and administrative staff, provider groups said.

Late last week, UnitedHealth reported a timeline for restoring operations, expecting to bring electronic payments back online beginning March 15 and starting to test its claims network and software on March 18. 

The healthcare conglomerate also said it would give additional financial relief to providers, including advancing funds weekly through its insurer segment and expanding the temporary financing program it announced earlier this month.

Federal regulators have rolled out flexibilities for providers as well. The CMS announced Saturday it would also consider applications for advance payments for Medicare Part B suppliers who face claims disruptions during the outage.

But the accelerated payment program from the CMS may not fully cover cash shortfalls, according to Moody’s report. The program will likely be more limited than COVID-19 pandemic-era relief, and the regulator is considering requests for advance payments on a case-by-case basis.

Overall, providers’ credit impact will depend on how delays in payment affect cash flow needed to meet its expenses, Moody’s said. Providers with weak liquidity before the cyberattack are more likely to run out of cash, and those that rely on Change alone for filing claims are also at higher risk.

“Providers with small scale, a weak financial profile, who only use Change and have little headroom in meeting debt covenants stand to suffer the most from the disruption,” Kailash Chhaya, vice president and senior analyst at Moody’s, wrote in the note. “Larger providers with more resources are in a better position to weather cash flow difficulties.”

Bigger and more geographically dispersed providers are more likely to use more than one clearinghouse, which would mitigate the impact of the courage. Some have moved their business to other clearinghouses. But that can be onerous, especially for providers who exclusively used Change, according to the report.