Practice Viability Consequences of Cyberattack Weighed by House Subcommittee
By Emma Freer

The Feb. 21 cyberattack on Change Healthcare and its consequences for physician practice viability, industry consolidation, and patient access to care were the subject of the first of several anticipated congressional hearings on the topic. UnitedHealth Group – notably absent from the hearing – faces mounting pressure to account for the attack.

San Antonio orthopedic surgeon Adam Bruggeman, MD, testified on his own behalf before the U.S. House Energy & Commerce Committee Health Subcommittee on April 16, highlighting several concerns shared by the Texas Medical Association. 

“The attack has exposed the vulnerability in our health care system and the disproportionate burden placed on physician practices by insurers, government payers, and third-party vendors,” he told lawmakers.  

Specifically, Dr. Bruggeman outlined the attack’s ongoing negative effects on his independent practice and others like it.  

“The Change outage was disruptive to the business of my practice, but most importantly it was disruptive to my patients,” he said. “Every minute my staff spent trying to reconcile [electronic remittance advice] with received payments, assessing which patients received incorrect bills, [and] resubmitting prior authorizations is time taken away from patient care.” 

Moreover, physician practices around the country found themselves in dire financial straits because of what Dr. Bruggeman characterized as an inadequate response from Optum, Change Healthcare’s parent company and a subsidiary of UnitedHealth Group, and from the federal government, further fueling industry consolidation. 

“To add insult to injury, some of these practices were purchased by Optum during the crisis,” he said. “There were even reports of Optum using the financial emergency caused by the cyberattack on its own subsidiary as legal justification to expedite its acquisition of physician practices.”  

U.S. Rep. Michael Burgess, MD (R-Texas), who serves on the subcommittee, echoed these sentiments and criticized what he described as victim-blaming of physician practices.   

“You did not leave the data out on the sidewalk for someone to drift by and pick it up like it was an abandoned wallet. You were attacked. The government should be helping you with that. Change Healthcare should be helping you with that,” Representative Burgess told Dr. Bruggeman during the hearing.

Prior to the hearing, subcommittee leadership had sent UnitedHealth Group CEO Andrew Witty a letter with 25 detailed questions, requesting his answers by April 29. 

“The cyberattack and resulting prolonged downtime of Change Healthcare systems has disrupted the entire American health care system,” they wrote. “We are interested in your efforts to secure Change Healthcare’s systems since it was acquired by your company and the efforts you are taking to restore system functionality and support patients and providers affected by the attack.” 

Senate Finance Committee Chair Ron Wyden (D-Ore.) also recently hinted at a forthcoming hearing on the cyberattack in the upper chamber, according to reports.  

In the meantime, Dr. Bruggeman called on Congress to pass legislation that would insulate physician practices from industry consolidation and other existential threats. 

“Allowing physicians to practice in the setting that is best for them, their patients, and the broader community should be the hallmark of our United States health care system,” he said. “Instead, the increase in administrative burden, including the new threat of potential cyberattacks, makes such events catastrophic for many providers.”  

Representative Burgess offered up his TMA-backed bill, the Patient Access to Higher Quality Health Care Act (House Resolution 977), which would overturn the federal ban on creating and expanding physician-owned hospitals.  

TMA also supports other bipartisan legislation that would bolster physician practice viability and thus better enable them to weather unexpected disruptions like the cyberattack. This legislation includes: 

  • The Strengthening Medicare for Patients and Providers Act (House Resolution 2474) by U.S. Rep. Raul Ruiz, MD (D-Calif.), which would provide annual inflation updates to the Medicare physician fee schedule. 
  • The GOLD CARD Act (House Resolution 4968) by Representative Burgess, which, drawing inspiration from Texas’ own TMA-backed gold-card law, would exempt qualifying clinicians from prior authorization requirements under Medicare Advantage plans. During the hearing, Dr. Bruggeman, a Texas gold-card holder, cited the benefits of this exemption during the cyberattack crisis.   
  • The No Fees for EFTs Act (House Resolution 6487) by U.S. Rep. Greg Murphy, MD (R-N.C.), which would prohibit payers from imposing electronic funds transfer fees as a condition of electronic physician payment. 

For updates on the cyberattack, check out TMA's Change Healthcare cyberattack webpage.  

Last Updated On

April 19, 2024

Originally Published On

April 19, 2024

Emma Freer

Associate Editor

(512) 370-1383

Emma Freer is a reporter for Texas Medicine. She previously worked in local news, covering city politics, economic development, and public health. A native Clevelander, she graduated from Columbia Journalism School and the University of St. Andrews.
