Urgent Update: Cyberattack Impacting Change Healthcare Operations

ChangeHealthcare Cyberattack Updates

March 9, 2024

This morning, the Centers for Medicare and Medicaid Services announced a new opportunity for physicians impacted by the cyberattack and resulting disruptions with Change Healthcare to request advanced Medicare payments to help with cash flow disruptions. The details of the program, terms, and the steps needed to apply can be found in the links below.

Fact Sheet – https://www.cms.gov/newsroom/fact-sheets/change-healthcare/optum-payment-disruption-chopd-accelerated-payments-part-providers-and-advance

CMS Statement – https://www.cms.gov/newsroom/press-releases/cms-statement-continued-action-respond-cyberattack-change-healthcare

March 8, 2024

Today, the Office of the Health Insurance Commissioner issued OHIC Bulletin 2024-01: Expectations During Cybersecurity Breach.  In respect to providers the bulletin outlines OHIC’s expectation is that health care entities will take necessary action to ensure that health care providers can bill and be reimbursed for covered services in a timely manner. Further, until such time that the Change Healthcare breach is fully resolved, OHIC is instructing all health care entities and their delegates to adopt flexible policies for timely filing requirements until 60 days post resolution. OHIC also expects that health care entities will provide flexibility to providers with respect to claim filing requirements and expeditiously process paper claims upon receipt.

Should OHIC’s expectations outlined above, and the health care entities’ existing workarounds not be sufficient to alleviate the burden on members and providers, OHIC strongly encourages health care entities to:

  • Consider waiving (or allowing for other flexibility) prior authorization requirements in situations where the provider cannot share the information.
  • Develop prompt, meaningful, and streamlined financial assistance for providers for instances where billing and reimbursement processes are unavailable or delayed, to ensure providers are able to continue to render services to members and maintain necessary cashflow.

Additionally, the Center for Medicare and Medicaid Services announced flexibilities intended to help providers continue to serve patients in the wake of the cyberattack on Change Healthcare. They include expedited claims processing; guidance for Medicare Advantage and Part D programs to remove or relax prior authorization, utilization management and filing requirements; and exceptions, waivers, or extensions available through Medicare Administrative Contractors in addition to paper claim submissions. CMS also encourages Medicaid and Children’s Health Insurance Program agencies to offer the same flexibilities during the Change Healthcare system outages. Learn more here.

United Health Care also announced an expansion of their temporary funding assistance program for providers and called on other payers to do the same.  They are determining historic and current claim trends and extending funds to providers to cover the difference.

Timeline to Restore Change Healthcare Systems:

  • Pharmacy services: Electronic prescribing is now fully functional with claim submission and payment transmission also available as of today. We have taken action to make sure patients can access their medicines in the meantime, including Optum Rx pharmacies sending members their medications based on the date needed.
  • Payments platform: Electronic payment functionality will be available for connection beginning March 15.
  • Medical claims: We expect to begin testing and reestablish connectivity to our claims network and software on March 18, restoring service through that week.

Learn more here.

Additional Resources:

RIMS will continue to work with OHIC as well as local insurers to advocate for the needs of our members and all providers to help address the issues facing practices because of the cyberattack. If you have any questions or concerns, please contact Stacy Paterno at spatern@rimed.org or 401-465-2930.

March 1, 2024

Urgent Update: Cyberattack Impacting Change Healthcare Operations

We are writing to inform you of a critical cybersecurity incident that has recently affected Change Healthcare, a division of United Healthcare. On February 21, 2024, Change Healthcare publicly disclosed that they experienced a cyberattack orchestrated by the ALPHV / Blackcat cybercriminal network, resulting in disruptions to several of their applications. This incident has had far-reaching implications for operations across the U.S. healthcare system.

Change Healthcare plays a pivotal role in supporting various clinical, administrative, and financial processes for payers, providers, and consumers within the healthcare industry. Key areas impacted include pharmacy claims transactions, provider claims processing, patient access and financial clearance, provider payments, and authorizations, among others.

In response to this incident, United Healthcare is actively working to develop and implement workarounds to ensure that providers and pharmacists can continue to serve their patients while systems are being restored to normal. These measures include the deployment of manual processes for information submission, eligibility checks, claim status inquiries, prior authorizations, and prescription fills.

We understand that these disruptions may lead to cash flow issues for practices like yours. Therefore, United Healthcare has established a temporary funding assistance program to provide support for short-term cash flow needs. We encourage you to learn more about this program and apply for assistance if necessary, by clicking here.

In addition to addressing immediate financial concerns, it is imperative that you take proactive steps to reinforce phishing training with your staff. Given the potential compromise of information within Change Healthcare, cybercriminals may attempt to exploit this situation by targeting your staff with phishing attempts. Please remain vigilant and cautious of any suspicious emails, links, or downloads.

Furthermore, individuals within your organization who have the authority to transfer funds should exercise heightened awareness for any unusual activity. Consider implementing additional verification measures for requests to change banking instructions or expedite transactions to mitigate the risk of fraudulent activity.

For further information about the cyberattack and ongoing updates from United Healthcare, please click here. Additionally, we have provided additional resources below for your reference:

AMA page on the Change Healthcare cyber issues with updates and resources

Letter from MGMA to the US Dept HHS

At RIMS, we are committed to supporting our members through this challenging time. If you have any questions or require further assistance, please do not hesitate to contact Stacy Paterno at 401-465-2930 or via email at spaterno@rimed.org.

We will continue to monitor the situation closely and provide updates as they become available. Thank you for your attention to this matter and your ongoing cooperation.


Heather Smith, MD, MPH