By now, you may have heard of or read something about the brutal cyberattack that hit UnitedHealth Group (UHG) subsidiary Change Healthcare. The scope of the breach was massive, and is said to have affected, or outright disrupted, every major facet of the healthcare industry.
So, what happened? What was the government asked to do to help? What does the fallout look like? And what actions has the government actually taken? Here is the Cliffs Notes version.
Change Healthcare, which connects hospitals and pharmacies with insurers, has had most of its systems offline since a Feb. 21 data breach, impeding claims and prescription processing nationwide. UHG has stated that systems will remain down until a later date in March.
According to the American Hospital Association (AHA), this is the most significant and consequential incident of its kind to impact the U.S. healthcare system in history. The AHA noted that Change Healthcare processes 15 billion healthcare transactions annually, and touches one in every three patient records.
The outage has widely affected billing, eligibility checks, prior authorization requests, and prescription fulfillment, and could spur greater emphasis on enhancing protocols – and greater oversight from the federal government.
In the wake of the attack, the feds have become involved.
First, the Centers for Medicare & Medicaid Services (CMS) issued a statement on the attack and guidance to Medicare Advantage (MA) and Part D sponsors to continue providing access to benefits by removing certain requirements – and to offer advanced funding, in some cases. CMS said it is in “communication with UHG” and “meeting with private health plans.”
Senators asked CMS itself to make accelerated and/or advanced payments available to affected providers and to streamline claims processing as well as payments.
The White House’s National Security Council has been asked to look into financial relief for hospitals, using funds from the U.S. Department of Health and Human Services (HHS) and Department of Veterans Affairs (VA).
HHS has been asked to help guarantee flexibility regarding timely filing requirements of claims, to extend timelines for appeals, and to reevaluate what counts as “critical infrastructure,” which would afford healthcare organizations more federal data breach protections.
However, none of these were able to stop or mitigate the staggering fallout from the breach.
Reports suggest that the cyberattack has impacted many insurers’ ability to track medical expenses. At the same time, insurers are observing a significant reduction in claims data following the breach, while UHG is contending with threats of litigation from patients: at least six cases seeking class-action status have been filed since the cyberattack, alleging that Change didn’t have reasonable cybersecurity measures in place.
Providers nationwide have been dealing with service delays, coping with an inability to receive and finalize reimbursements or check insurance eligibility, and hemorrhaging money.
Following all of this, CMS announced new flexibilities and relief efforts for physicians and other providers and suppliers. In particular, they made applications available for accelerated payments for Medicare Part A and B providers, directed Medicare Administrative Contractors (MACs) to expedite actions needed for providers and suppliers to change clearinghouses, urged Medicaid managed care plans to make prospective payments, and provided public information on how to submit requests for accelerated or advance payments.
While it’s still unknown how helpful these federal actions will be, we do know they are a far cry from fixing the underlying problem. The damage from the Change Healthcare data breach is extensive, and so too will be the effort to pick up the pieces.
More generally, it demonstrates how complex, interconnected, and fragile the healthcare ecosystem is. As such, the response could serve as a model for how future cyberattacks on healthcare organizations are handled – and approaches to help prevent them.
Stay vigilant, because government needs all the help it can get.
The U.S. Department of Health and Human Services (HHS) recently announced policy changes in response to President Trump’s executive order aimed at gender classifications and
Today, I want to bring attention to an issue that is once again under scrutiny, how hospitals report patient harm events under the Centers for
Please log in to your account to comment on this article.
Physician queries are essential for accurate documentation and claims data, but they are increasingly scrutinized by payors, leading to denials and revenue leakage. This webcast, led by industry expert Cheryl Ericson, RN, MS, CCDS, CDIP, provides actionable strategies to craft compliant queries, reduce denials, and enhance revenue integrity. Attendees will gain insights into clinical validation queries, how to avoid common pitfalls, and learn best practices to defend against query denials. Don’t miss this opportunity to refine your query process and protect your organization’s financial health.
Master the complexities of heart failure coding with this expert-led webcast by Emily Montemayor, CCS, CMBCS, COC, CPC, CPMA. Discover strategies to ensure compliance with ICD-10-CM guidelines, documentation integrity, and capture comorbidities like CKD and hypertension. Learn how to resolve coding challenges, improve documentation practices, and submit clean claims to minimize denials and safeguard your organization’s financial health. With practical insights and real-world examples, this session equips you to prevent revenue leakage, enhance compliance, and secure optimal reimbursement—all while supporting better patient outcomes.
Prepare your organization for the 2025 OPPS updates with expert insights from Tiffani Bouchard, CCS, CRCR, a Revenue Integrity Professional with over 30 years of experience. This webcast will address critical challenges in charge capture and coding, providing clarity on APC policies, C-APC packaging, exclusions, and payer-specific requirements. Attendees will learn actionable strategies to ensure compliance, optimize reimbursement, and mitigate risks of claim denials. Gain the knowledge needed to implement updates effectively, educate your team, and maintain seamless revenue cycle operations in the face of evolving OPPS complexities.
Join Beth Wolf, MD, CPC, CCDS, for an in-depth webcast on the FY2025 spinal fusion MS-DRG updates. Discover key changes in DRG classification, understand impacts on documentation and CMI, and learn strategies to ensure compliance.
Dr. Ronald Hirsch dives into the basics of Medicare for clinicians to be successful as utilization review professionals. He’ll break down what Medicare does and doesn’t pay for, what services it provides and how hospitals get paid for providing those services – including both inpatient and outpatient. Learn how claims are prepared and how much patients must pay for their care. By attending our webcast, you will gain a new understanding of these issues and be better equipped to talk to patients, to their medical staff, and to their administrative team.
Hospitals face growing challenges in measuring observation metrics due to inconsistencies in classification, payer policies, and benchmarking practices. Join Tiffany Ferguson, LMSW, CMAC, ACM, and Anuja Mohla, DO, FACP, MBA, ACPA-C, CHCQM-PHYADV as they provide critical insights into refining observation metrics. This webcast will address key issues affecting observation data integrity and offer strategies for improving consistency in reporting. You will learn how to define meaningful metrics, clarify commonly misinterpreted terms, and apply best practices for benchmarking, and gain actionable strategies to enhance observation data reliability, mitigate financial risk, and drive better decision-making.
The 2025 Medicare Physician Fee Schedule brings significant changes to payment rates, coverage, and coding for physician services, impacting practices nationwide. Join Stanley Nachimson, MS., as he provides a comprehensive guide to understanding these updates, offering actionable insights on new Medicare-covered services, revised coding rules, and payment policies effective January 1. Learn how to adapt your practices to maintain compliance, maximize reimbursement, and plan for revenue in 2025. Whether you’re a physician, coder, or financial staff member, this session equips you with the tools to navigate Medicare’s evolving requirements confidently and efficiently.
Dr. Ronald Hirsch provides critical details on the new Medicare Appeal Process for Status Changes for patients whose status changes during their hospital stay. He also delves into other scenarios of hospital patients receiving custodial care or medically unnecessary services where patient notifications may be needed along with the processes necessary to ensure compliance with state and federal guidance.
Copyright © 2025 ICD10monitor. Powered by MedLearn Media.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
