Following a mysterious cyberattack, Maine pharmacies have been instructed to fill prescriptions of MaineCare members without the ability to verify that patients will be covered.
[RELATED: Nationwide Cell Service Disruption Stokes Concerns Over Cyberattacks, Solar Flares…]
“MaineCare has given pharmacies override options so that they can fill your prescriptions for 30 days. MaineCare wants members to have timely access to their prescriptions. We are working with providers, pharmacies, and members to do everything possible to make sure prescriptions can be filled,” said the Office of MaineCare Services (OMS).
MaineCare relies on the third party company Change Healthcare to verify and carry out pharmacy claims.
Change Healthcare, which serves healthcare systems across the country, became the victim of a cyberattack on February 21, which forced the company to shut down many of its systems.
OMS’s statement reassured MaineCare recipients their personal information had not been compromised, but could not offer any information on when Change Healthcare’s services would return.
Nearly two weeks from the start of the outage, services have not resumed.
MaineCare members will be able to receive 30 days worth of prescriptions from pharmacies free-of-charge, without the full verification normally required.
Although the measure allows MaineCare members, who need access to life-saving prescriptions to continue to fill them if they cannot afford too pay out of pocket, it also makes the state more vulnerable to fraud.
A customer could claim MaineCare coverage, receive a 30-day supply of a prescription, and fail to pay for the prescription in any way if they did not truly qualify to have the state pay for the drugs.
Shortly before the Change Healthcare cyberattack, Maine’s healthcare system suffered another, similar attack.
On February 3, Northern Lights Health, a healthcare system which operates multiple hospitals and nursing homes in Maine, discovered that some of its computer servers had been compromised.
Northern Lights took its patient records temporarily offline and investigated the situation.
The company determined that no patient data had been compromised, and restored all services two days after the breach.
The investigation did not reveal which organization or individual was responsible for the incident, nor the motive of the attack.
