Washington, D.C. - Congressman Michael C. Burgess, M.D. (R-TX), Chairman of the House Budget Committee Health Care Task Force, and the Congressional Doctors Caucus members sent a letter to Centers for Medicare and Medicaid Services (CMS) urging them to take immediate action after the Change Healthcare ransomware attack on February 21st. The letter urges CMS to hold those responsible for the attack accountable, address vulnerabilities the breach revealed, and ensure America’s providers receive support and information in an efficient manner.
“It is imperative that providers, patients, health systems, health plans, and vendors, receive needed information and resources promised by CMS," said the GOP Doctors Caucus co-chairs. "We have heard that commercial insurer payments have been inadequate, unpredictable, and slow, with little support for providers in the process. Some providers are also not receiving resources and administrative flexibility needed from CMS. CMS must recognize and address this serious disruption as soon as possible for the health of patients, the financial viability of providers, and the safety of our critical health infrastructure."
Click here for full letter.
On the concern of the ransomware attack impacting the American health care system:
We write to express concern regarding the Change Healthcare ransomware attack that has impacted a significant portion of the American health care system. On February 21st, UnitedHealth Group, and its division, Optum, Inc., reported that their subsidiary, Change Healthcare, had fallen victim to a ransomware cyberattack. This attack has disrupted the lives of patients, doctors, pharmacists, and countless other health industry professionals due to outages in systems used for medical billing and insurance claims. If not addressed quickly, alarming reports of the negative implications for our health care system, threats to patient care, access to critical medications, and the ability of physicians to operate their practices will continue. We urge the Center for Medicare and Medicaid Services (CMS) to use existing statutory authorities to hold relevant actors accountable to ensure promised support is delivered to America’s providers.
On urging CMS to take immediate action and address the ransomware attack:
While we acknowledge the Department of Health and Human Services and CMS have put out multiple statements recognizing the disruption and indicating they would work with the Medicare Administrative Contractors (MACs) and insurers to provide some resources and administrative flexibility for providers, we urge immediate action to ensure all, not just some, providers are getting the resources and information they need. Additionally, we have been made aware that the commercial insurer payments provided have been inadequate, unpredictable, and slow, with little support for providers in the process. Therefore, we encourage CMS to use their existing authority to ensure timely resolution by ensuring physicians have the information and resources they need and communicating with affected payers to accomplish that goal.
Our health care system is and will remain a critical infrastructure, and the risks of cybersecurity attacks are a domestic and international threat to the ecosystem at large. The result of the breach has far-reaching implications for providers, patients, health systems, health plans, and vendors. This situation sets a dangerous precedent for potential impacts moving forward if our health systems are not adequately protected. It is critical that Change Healthcare operations are reestablished safely as soon as possible, and CMS should work to communicate with providers and inform them of the resources available to them.
###
