Six months after the fall

This thought leadership article reveals revenue cycle KPIs that quantify the impact of the Change Healthcare cybersecurity attack on providers.

Sep 8, 2024

Six months after the fall

In February, cybercriminals attacked Change Healthcare and upended the revenue cycle for providers. Exclusive data from Kodiak reveals the impact.

Cybercriminals attacked Change Healthcare on Feb. 21 and disrupted the company’s claims processing systems. That attack brought healthcare provider organizations’ revenue cycle workflows to their knees and, along with them, the organizations’ cash flow.

UnitedHealth Group, which owns Change Healthcare, said Change restored most of its claims processing systems by April 22, or about two months after the initial attack. Anecdotally, though, we hear that many provider organizations are still feeling the attack’s effects six months later.

We decided to use Payor Market Intelligence to quantify the impact. PMI collects, aggregates, and normalizes more than 50 revenue cycle KPIs from more than 1,900 hospitals and 250,000 physicians who use the Kodiak Revenue Cycle Analytics platform to manage their net revenue and track their revenue cycle performance.

Here are five stories that the numbers are telling us.

The initial claim denial rate is rising, jumping from 11.13% in February, the month of the Change Healthcare attack, to 11.80% in June.

The request for information claim denial rate is rising, jumping from 3.14% in February to 3.70% in June.

The prior authorization and precertification claim denial rate is up from 1.53% in February to 1.57% in June.

After an initial drop, true accounts receivable greater than 90 days expressed as a percentage of net revenue is up, growing from 30.31% in March to 34.98% in June.

Providers are writing off a larger percentage of net patient service revenue because of denied claims.

Clearly, the first four months after the Change Healthcare cyberattack weren’t good for provider organizations. Claim denial rates went up. Providers waited longer to get paid. Providers wrote off more money because of claim denials. These are not good trends.

We all know correlation isn’t causation. We can’t say the Change Healthcare claims processing shutdown caused these five trends. But we can say the start of these alarming trends coincided with the shutdown. The event triggered something in the healthcare revenue cycle that many providers are still recovering from.

The question is whether these negative trends touched off by the Change Healthcare attack are temporary or permanent. Let’s hope it’s the former.

Either way, thanks to the objective data from PMI and Kodiak RCA, we’ll know the answer.

We’ll be talking more about the impact of the Change Healthcare cyberattack on the healthcare revenue cycle at the 2024 Kodiak Solutions Healthcare Summit in Nashville and virtually Sept. 22-25, 2024.

The four-day event will offer numerous opportunities for attendees to share their stories and compare their revenue cycle KPIs in the wake of the shutdown in Change Healthcare’s claims processing capabilities. The opportunities include Summit breakout, ideation, and interactive sessions on adapting revenue cycle operations to drive net revenue improvements, and updates on the year in revenue cycle, revenue cycle intelligence and PMI intelligence.

Contact Us

Want the latest updates from Kodiak?

Get access to our communications, including our Healthcare Connection newsletter, to tap into industry trends, CPE webinars, and more.

Get started with a 15-minute call

schedule now