‘I want my pay’: Oregon clinics left without wages 3 weeks after cyberattack

Some people running clinics say they may have to take on debt to keep them going.

PORTLAND, Ore. (KOIN) — Three weeks after a national cyberattack against the healthcare industry affected clinics in Oregon, many people have been left with unpaid wages to this day.  

Despite these hardships, local healthcare clinics have still been working since the cyberattack. Workers told KOIN 6 News they have to be there for their patients who need them.

“I don’t want lip service. I want my pay for the work that I did,” said Pulse Wellness Cooperative CEO Roseanne Marmor.“ Feb. 19 was the last time anybody was paid.”

Three weeks ago, a cyberattack happened on a major health service provider that covers clinics nationwide and right here in Oregon.

Since then, small practices haven’t been able to collect insurance payments through the third party, Change Healthcare, which is run by the UnitedHealth Group. That means for places like Pulse Wellness Cooperative, who offers therapy to hundreds of people, they have to continue working without pay.

“Eighty-five percent of the people we serve have Oregon Health Plan so they’re desperate for the counseling they have that’s why we’re here,” Marmor said.

While she waits, Marmor said she’ll likely go into debt just to keep the clinic open. 

“In the meantime, I’ve looked at loan products, credit products, figuring out what credit card I can use. I thought about putting my house up but I got I have nine people that work here,” Marmor said. 

Change Healthcare pays out claims to doctors’ offices and other service providers. Those claims make up a large portion of payments for many health providers.

“It slows everything down. It slows down our ability to you know, get new patients in for care,” said Integrative Trauma Treatment Center Founder Athena Phillips.

The cyberattack is also affecting some patients getting their prescriptions.

“We as providers care about our patients, our clients so much that we can’t look at them in the face and just walk away, we have to continue,” Phillips said. “And I think that that’s capitalized on to some extent”.

In a statement, the CEO of UnitedHealth Group Andrew Witty said in part:

“All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications. We’re determined to make this right as fast as possible.”

Some clinics said help can’t come fast enough.

“Ensuring that we can rely on our payment systems that our clients will ultimately be affected in the long run and we — it will just take us longer to do the thing we do best which is to provide treatment,” Phillips said.

Local treatment centers and clinics are hoping to get paid

The U.S. Department of Health and Human Services published voluntary healthcare specific Cybersecurity Performance Goals (CPGs) to help healthcare organizations prioritize implementation of high-impact cybersecurity practices. It also has several assistance programs for health providers who have been affected.