A cyber warning for health care

Opinion editor’s note: Editorials represent the opinions of the Star Tribune Editorial Board, which operates independently from the newsroom.

•••

The email from a Star Tribune reader had the word “Desperate” in the subject line. The author: Karin Olson, 76, of Richfield, who has Type 1 diabetes and depends on her Dexcom continuous glucose monitoring system to manage this serious condition.

Olson, a former registered nurse, recently found herself facing a potential care crisis through no fault of her own. The sensors on her Dexcom system are designed to last for up to 10 days before needing replacement, and monthly costs range from $440 to $470, according to GoodRx.com. Medicare typically covers the supplies she needs. But after a recent cyberattack on a medical claims-processing company acquired by Minnesota-based UnitedHealth Group in 2022, Olson couldn’t get new sensors at her local Walgreens or anywhere else.

“Now I’m in panic mode. No pharmacy is willing to refill my sensor supplies because Medicare can’t reimburse them as a result of the recent hacking. I’m running out of supplies. This is a life-threatening situation for me and others with Type 1 diabetes,” Olson wrote on Thursday morning. As for just paying for the supplies herself, Olson told an editorial writer that she’s on a fixed income with limited resources.

Fortunately, by Thursday afternoon, ongoing efforts by Walgreens and UnitedHealth appeared to have resolved this snag. In a phone call, a Walgreens district manager told Olson that a workaround had been found, and her prescription was ready for pickup with the usual copay.

Even though it ended well, Olson’s plight merits a broad spotlight and deeper understanding by policymakers and the public, with Congress in particular needing to explore how the cyberattack happened and how to prevent another one. At a minimum, a high-profile hearing is in order.

The UnitedHealth-owned company targeted is called Change Healthcare. It’s helpful to think of it like the Visa or MasterCard of the health care world, handling a broad array of claims and related financial transactions. The attack on the company resulted in the process of billing and paying for health care in many areas across the nation coming to a virtual standstill.

The Minnesota Hospital Association (MHA) merits praise for giving early warning to the nation about the cyberattack’s potentially dire financial impact on providers. “We could be fast approaching a financial cliff,” MHA CEO and president Dr. Rahul Koranne said on Thursday.

U.S. Sen. Amy Klobuchar, D-Minn., whose involvement drew praise from the state’s medical providers this week, clearly understands the urgency. “This cyber-attack by apparent foreign operatives threatens access to lifesaving care and underscores the urgency of strengthening our cybersecurity systems,” she said in a statement to an editorial writer on Friday.

“I have also raised this issue directly with senior officials at the Department of Health and Human Services to ensure they are taking direct and immediate action to protect the health care community. UnitedHealth Group must do everything in its power to swiftly address this situation and ensure patients can continue to access the medications and care they need.”

Klobuchar’s leadership is welcome. The Star Tribune Editorial Board also urges her to take the lead in congressional follow-up. She’s authored a book about antitrust issues. The cyberattack’s broad, harmful impact deepens concerns about ongoing consolidation within health care. It’s important to note that federal officials challenged United’s $13 billion acquisition of the company.

Electronic payment functionality will be available for connection beginning March 15, the company reported. And, “We expect to begin testing and reestablish connectivity to our claims network and software on March 18, restoring service through that week.” UnitedHealth Group CEO Andrew Witty also said in the statement that “We are determined to make this right as fast as possible.”

That’s commendable, but the American Hospital Association and other providers have been far from satisfied with United’s assistance to them so far. “We need real solutions — not programs that sound good when they are announced but are fundamentally inadequate when you read the fine print,” the American Hospital Association’s president said in a Monday letter to United leadership.