By NCPA CEO B. Douglas Hoey

When Optum Rx sent a letter to its pharmacy partners addressing the cyberattack that brought down Change Healthcare, leaving pharmacies in the lurch on claims, it was because NCPA and other pharmacy groups had been vocal about their mystifying, week-long delay in responding. NCPA’s senior vice president for pharmacy affairs Ronna Hauser and I met with its executives a few days before their note to ensure pharmacies aren’t left holding the proverbial bag, because when our ability to communicate claims and information breaks down, it’s not just patients who suffer. The whole ecosystem suffers. As if independents didn’t have a tough enough time in 2024 with revenue and the DIR hangover, the last thing we need is to have our cash flow cut off because of a group of bad actors is holding our systems hostage. As if our most vulnerable patients don’t have a hard enough time getting the medications they need, the last thing they need is a delay while pharmacy owners and their teams across the country looked for workarounds to try to help get patients their medicine. But it’s not an isolated incident. In 2023, about 106 million people were affected by cyberattacks on their health care organizations, according to John Riggi, national advisor for cybersecurity for the American Hospital Association (and as reported in Chief Healthcare Executive). That’s one in three Americans, and that figure is up from 44 million people in 2022. It’s also not surprising Change Healthcare was a target. It handles oceans of patient data for United Healthcare and Optum Rx including claims, bills and payments as well as data for PBMs, insurers, and others who compete with UnitedHealth Group. If that data was compromised, it would spell trouble – just as I feared it would be in 2022 when UHC proposed a merger with Change Healthcare. That’s why NCPA was a vocal opponent of the merger. “I told you so” doesn’t help after the fact, yet another health care behemoth consolidation helped make Change Healthcare a much juicier target after they merged the UnitedHealth Group monopoly. When that data was compromised, it wasn’t just their cyber security team that had a headache. It was patients and independent pharmacists, too.

Technology isn’t perfect. We all know that. But, there’s a lot to celebrate in terms of the capacity of bits and bytes to represent critical data that can help us work faster and more efficiently so we can spend more time with patients. There’s a lot to celebrate, too, in terms of the trajectory-altering trends our own NCPA Technology Steering Committee outlines in a special round-robin we conducted with them. Thomas Edison once said, “Just because something doesn’t do what you planned it to do doesn’t mean it’s useless,” and that’s the sort of existential attitude we need to adopt when we look to future trends. Cyberattacks are unacceptable, but just as unacceptable in my book is for the affected patients and providers to be forced to clean up the mess without total assurance that their efforts to help will not create future hardships for them when this is being looked at in the corporate rearview mirror. Technology is just as useful as we make it. No more, no less.

A version of this article appears in the May issue of America’s Pharmacist. Check it out now!