Change Healthcare Cyberattack: Summary

In late February 2024, Change Healthcare, a major healthcare clearinghouse, experienced a cyberattack. A clearinghouse processes healthcare claims electronically, routing them between providers, insurers, and other entities involved in the billing process. This attack disrupted operations for Change Healthcare, causing significant downstream effects across the healthcare system. On March 5, 2024, HHS released a statement outlining their plan to mitigate disruptions.

While the attack didn’t directly target group health plans themselves, it caused delays in claims processing for many providers. This could have led to:

  • Cash Flow Issues: Providers may have experienced delays in receiving reimbursement for services rendered to plan participants.
  • Administrative Burdens: Plan sponsors and providers might have had to resort to manual claims processing, increasing administrative workloads.
  • Potential Delays in Care: In some cases, delayed claims processing could have caused delays in authorizing or reimbursing necessary medical services for plan participants.

The Department of Health and Human Services (HHS) has taken the below steps to mitigate the impact on the healthcare system:

  • Investigation: HHS has launched an investigation into the attack to assess potential HIPAA violations by Change Healthcare and its parent company, UnitedHealth Group (UHG).
  • Financial Assistance: HHS has implemented measures to financially support providers impacted by the attack, aiming to prevent disruptions in care due to cash flow issues.
  • Streamlined Processes: HHS has worked with UHG to streamline the process for healthcare providers switching to different clearinghouses.

We will continue to monitor developments and provide updates as necessary.