[author: Kian Azimpoor]

Change Healthcare Cyberattack
On February 21, 2024, Change Healthcare—a healthcare technology company owned by UnitedHealth Group—issued a statement that it had been impacted by a ransomware attack. According to Change Healthcare, a “threat actor” gained access to its system. As a result of this cyberattack, Change Healthcare’s services have been shut down.

To provide perspective on the magnitude of this attack and its impact, Change Healthcare serves as the largest healthcare payment system in the U.S. Change Healthcare reportedly manages approximately 15 billion clinical, financial, and operational transactions per year. Specifically, it manages healthcare technology pipelines that process insurance claims and billing. For those reasons, American Hospital Association (AHA) has characterized this attack as “the most significant and consequential incident of its kind against the U.S. healthcare system in history."

Healthcare professionals depend on this system to verify insurance coverage and file claims for reimbursement.  Accordingly, the effects of this cyberattack are far-reaching. Providers and patients have been most severely impacted by this incident. Some patients are being forced to pay out of pocket for medications. Further, many providers have not been able to submit claims, so a critical portion of revenue cycle processes have come to a halt.

While a specific timeline to restore the services was not provided during the initial stages of the attack, Change Healthcare has since publicly stated that electronic prescribing is now fully functional along with claim submission and payment transmission. Change Healthcare has also stated electronic payment functionality will become available on March 15, 2024. Lastly, with respect to medical claims, Change Healthcare expects to reestablish connectivity to its claim network and software on March 18, 2024.

Currently, the U.S. Department of Health and Human Services (HHS) and other entities are monitoring and assessing the impact of this cyberattack on providers and suppliers. Recently, the Centers for Medicare & Medicaid Services (CMS) announced that it will accelerate payments for Medicare Part A providers and Part B suppliers. Further, CMS has directed Medicare Administrative Contractors (MACs) to expedite actions needed for providers and suppliers to change the clearinghouse they use and accept paper claims. MACs have issued information to the public on how to submit a request for a Medicare accelerated advance payment.

This incident has exposed the fragility of the U.S. healthcare ecosystem and, more importantly, the need to strengthen the cybersecurity infrastructure of healthcare organizations.

Entities That May Be Impacted
Hospitals, physicians, pharmacists, and other healthcare providers may be impacted by this ransomware attack. Providers, such as physicians and hospitals, may not be able to submit or process insurance claims and, thereby, risk facing significant cash flow problems. Pharmacies may not be able to obtain pertinent information necessary to fill prescriptions. And patients may not be able to submit claims and fill prescriptions.

If you use the Change Healthcare platform, your organization may have been impacted either directly or indirectly. Identifying whether your organization has been impacted is the first step in taking action to avoid further disruptions.

Actionable Next Steps 
Entities that have been impacted by this ransomware attack can take the following steps:

• Monitor HHS, CMS, and AHA advisories for pertinent updates.
• Communicate with payors to determine how to best circumvent compromised Change Healthcare applications.
• Review HIPAA compliance programs and take other steps to prepare for a potential breach or regulatory investigation (such as conducting internal audits and running tabletop exercises to simulate the impact of a breach).