Healthcare workers and consumers should pay closer attention to which entities are overseeing the landscape in light of the recent Change Healthcare cyberattack, says spine surgeon Brian Gantwerker, MD.
Dr. Gantwerker, of The Craniospinal Center of Los Angeles, shared the issues he feels the Change Healthcare incident exposed in the industry.
Note: This response was lightly edited for clarity.
Question: How has the Change cyberattack affected operations at your practice?
Dr. Brian Gantwerker: Thankfully, we are diversified enough that we are able to navigate rises and falls in revenue streams. Many of my colleagues are not, and I am incredibly angry for them. In the last 24 hours, the department of Health and Human Services agreed to float cash to hospitals claiming hardship. The department, run by a lawyer named Xavier Becerra, who was quoted on NPR as saying doctors "gouged patients" while the healthcare system buys up large parcels of land, pay their executives into seven figures and of course payers post profits in the billions. No one should be surprised at the actions of HHS, essentially protecting and promulgating C suite officers paychecks but neglecting physicians and the employees and patients they support. In effect it worsens the shortage of doctors and decreases access. As far as patterns go, the further consolidation in the healthcare space leads to more cost.
And as evidenced by a few IT people forgetting to patch Change's software left vulnerabilities that a hacker exploited. Now imagine, Change, which is run by United Healthcare is part of a single payer system. It is still unknown how much damage was done, but payments to physicians have been severely affected. Now imagine that Change, and therefore UHC, runs this system and all physician payments go through this system. One bad actor hacking group could effectively shut down the entire system. If this is not a warning shot across the bow to let a for-profit company have the keys to our healthcare system, I do not know what is. This, along with the tumult going on in the United Kingdom should show stakeholders that placing all of our healthcare resources in the hands of one, giant, unaccountable entity is akin to betting your entire stock portfolio into Enron in August of 2000.
In the grand scheme of things, Change will pay about $22 million in ransom, equivalent to one year’s salary of the CEO of UnitedHealth. Most likely exactly no one — not the hackers and not the IT people that did not keep up with their software patches will be held accountable. It is time we asked ourselves: "Is this a group of people we want driving our system with all of us in the back seat?"
This incident should concern all of us in healthcare, as well as our patients. Now, if we can just get the people that seemingly have the discretion to make the decisions that place these unconcerned, and from the looks of it, incompetent entities in charge to pay attention — we would be getting somewhere.