A ransomware attack that disrupted Ascension hospital operations in May also caused issues with billing and claims processing for marketplace health insurance plans offered by the hospital system.
In addition to operating some 140 hospitals across the U.S., Ascension offers several health insurance plans on the ACA Marketplace through Ascension Personalized Care, available in Texas and several other states.
Following the May 8 hack, policyholders temporarily had to pay their premiums by check while the electronic billing system was offline. But the impacts extended beyond billing inconveniences. One Central Texas woman with Ascension insurance told KUT she became concerned after discovering a lump in her armpit last month.
“If I wasn't having this health crisis, I wouldn’t have noticed [these insurance issues],” said the woman, who spoke on the condition of anonymity due to health privacy concerns.
After a flurry of tests that included a biopsy, she was diagnosed with lymphoma. A PET scan was ordered to learn more.
“It's very scary to feel like in this tense moment, my insurance company is just not really functioning."Ascension Personalized Care policyholder
The patient believes she is close to meeting her deductible, which would mean most of the cost of the scan should be covered by insurance. But the claims for her May tests have not yet been processed, leaving her in the dark about whether she will have to pay the full cost of the scan out of pocket.
“It's very scary to feel like in this tense moment, my insurance company is just not really functioning,” she said.
Ascension representatives did not respond to questions about how the ransomware attack had affected Ascension Personalized Care ahead of a deadline.
Ben Gonzalez, a spokesperson for the Texas Department of Insurance, said Ascension appropriately reported the ransomware attack to the state agency. Ascension told TDI the insurer’s electronic processes had been disrupted, including its ability to “accept and process claims.”
“While systems have come back online, they have a backlog of claims to enter and process,” Gonzalez said.
Normally, insurers in Texas face penalties if they do not pay claims in a timely fashion — typically, within 30 days for electronic claims or 45 for paper claims — due to a law passed in 2003. But TDI granted Ascension a waiver through July 8. Gonzalez said Ascension could apply for an extension, but would need to provide “a great deal of detail on progress, obstructions, and other relevant factors for the request to be considered.”
Gonzalez said as of June 7 consumers had not yet made any formal complaints about Ascension Personalized Care related to the ransomware attack.
The anonymous patient said information insurance representatives have given her since early June has varied. One assured her that it was not abnormal for providers to take several months to submit a claim. Another said the company was beginning to work through its backlog of claims now that electronic systems have been restored, but could not give her a deadline for when that work would be done.
Meanwhile, local Ascension hospitals have made strides in recovering from the attack, with electronic health records back online after a month of relying on paper processes. Ascension has also begun offering free credit monitoring and identity theft protection for patients and staff after acknowledging some patient data may have been compromised.
On Thursday, the patient also received some good news: Her oncologist believes she has a slow-growing form of lymphoma and has recommended she wait a month before getting a PET scan, taking some pressure off a ticking-clock situation.
“Now, I have the luxury of waiting to see if they process my claims before I have to have the PET scan,” she said.
