By now, you may have heard of or read something about the brutal cyberattack that hit UnitedHealth Group (UHG) subsidiary Change Healthcare. The scope of the breach was massive, and is said to have affected, or outright disrupted, every major facet of the healthcare industry.
So, what happened? What was the government asked to do to help? What does the fallout look like? And what actions has the government actually taken? Here is the Cliffs Notes version.
Change Healthcare, which connects hospitals and pharmacies with insurers, has had most of its systems offline since a Feb. 21 data breach, impeding claims and prescription processing nationwide. UHG has stated that systems will remain down until a later date in March.
According to the American Hospital Association (AHA), this is the most significant and consequential incident of its kind to impact the U.S. healthcare system in history. The AHA noted that Change Healthcare processes 15 billion healthcare transactions annually, and touches one in every three patient records.
The outage has widely affected billing, eligibility checks, prior authorization requests, and prescription fulfillment, and could spur greater emphasis on enhancing protocols – and greater oversight from the federal government.
In the wake of the attack, the feds have become involved.
First, the Centers for Medicare & Medicaid Services (CMS) issued a statement on the attack and guidance to Medicare Advantage (MA) and Part D sponsors to continue providing access to benefits by removing certain requirements – and to offer advanced funding, in some cases. CMS said it is in “communication with UHG” and “meeting with private health plans.”
Senators asked CMS itself to make accelerated and/or advanced payments available to affected providers and to streamline claims processing as well as payments.
The White House’s National Security Council has been asked to look into financial relief for hospitals, using funds from the U.S. Department of Health and Human Services (HHS) and Department of Veterans Affairs (VA).
HHS has been asked to help guarantee flexibility regarding timely filing requirements of claims, to extend timelines for appeals, and to reevaluate what counts as “critical infrastructure,” which would afford healthcare organizations more federal data breach protections.
However, none of these were able to stop or mitigate the staggering fallout from the breach.
Reports suggest that the cyberattack has impacted many insurers’ ability to track medical expenses. At the same time, insurers are observing a significant reduction in claims data following the breach, while UHG is contending with threats of litigation from patients: at least six cases seeking class-action status have been filed since the cyberattack, alleging that Change didn’t have reasonable cybersecurity measures in place.
Providers nationwide have been dealing with service delays, coping with an inability to receive and finalize reimbursements or check insurance eligibility, and hemorrhaging money.
Following all of this, CMS announced new flexibilities and relief efforts for physicians and other providers and suppliers. In particular, they made applications available for accelerated payments for Medicare Part A and B providers, directed Medicare Administrative Contractors (MACs) to expedite actions needed for providers and suppliers to change clearinghouses, urged Medicaid managed care plans to make prospective payments, and provided public information on how to submit requests for accelerated or advance payments.
While it’s still unknown how helpful these federal actions will be, we do know they are a far cry from fixing the underlying problem. The damage from the Change Healthcare data breach is extensive, and so too will be the effort to pick up the pieces.
More generally, it demonstrates how complex, interconnected, and fragile the healthcare ecosystem is. As such, the response could serve as a model for how future cyberattacks on healthcare organizations are handled – and approaches to help prevent them.
Stay vigilant, because government needs all the help it can get.
In the CY 2026 OPPS/ASC Final Rule, the Centers for Medicare & Medicaid Services (CMS) formally finalized the removal of the Screening for Social Drivers
For decades, clinical documentation integrity (CDI) programs have been synonymous with inpatient care. They evolved from early efforts to improve Diagnosis-Related Group (DRG) accuracy into
Please log in to your account to comment on this article.
Accurately determining the principal diagnosis is critical for compliant billing, appropriate reimbursement, and valid quality reporting — yet it remains one of the most subjective and error-prone areas in inpatient coding. In this expert-led session, Cheryl Ericson, RN, MS, CCDS, CDIP, demystifies the complexities of principal diagnosis assignment, bridging the gap between coding rules and clinical reality. Learn how to strengthen your organization’s coding accuracy, reduce denials, and ensure your documentation supports true medical necessity.
Denials continue to delay reimbursement, increase administrative burden, and threaten financial stability across healthcare organizations. This essential webcast tackles the root causes—rising payer scrutiny, fragmented workflows, inconsistent documentation, and underused analytics—and offers proven, data-driven strategies to prevent and overturn denials. Attendees will gain practical tools to strengthen documentation and coding accuracy, engage clinicians effectively, and leverage predictive analytics and AI to identify risks before they impact revenue. Through real-world case examples and actionable guidance, this session empowers coding, CDI, and revenue cycle professionals to shift from reactive appeals to proactive denial prevention and revenue protection.
Sepsis remains one of the most frequently denied and contested diagnoses, creating costly revenue loss and compliance risks. In this webcast, Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, provides practical, real-world strategies to align documentation with coding guidelines, reconcile Sepsis-2 and Sepsis-3 definitions, and apply compliant queries. You’ll learn how to identify and address documentation gaps, strengthen provider engagement, and defend diagnoses against payer scrutiny—equipping you to protect reimbursement, improve SOI/ROM capture, and reduce audit vulnerability in this high-risk area.
Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY26 IPPS, including new ICD-10-CM/PCS codes, CCs/MCCs, and MS-DRGs, plus insights, analysis and answers to your questions from two of the country’s most respected subject matter experts.
Get clear, practical answers to Medicare’s most confusing regulations. Join Dr. Ronald Hirsch as he breaks down real-world compliance challenges and shares guidance your team can apply right away.
Federal auditors are zeroing in on Inpatient Rehabilitation Facility (IRF) and hospital rehab unit services, with OIG and CERT audits leading to millions in penalties—often due to documentation and administrative errors, not quality of care. Join compliance expert Michael Calahan, PA, MBA, to learn the five clinical “pillars” of IRF-PPS admissions, key documentation requirements, and real-life case lessons to help protect your revenue.
During this essential RACmonitor webcast Michael Calahan, PA, MBA Certified Compliance Officer, will clarify the rules, dispel common misconceptions, and equip you with practical strategies to code, document, and bill high-risk split/shared, incident-to & critical care E/M services with confidence. Don’t let audit risks or revenue losses catch your organization off guard — learn exactly what federal auditors are looking for and how to ensure your documentation and reporting stand up to scrutiny.
Learn how to navigate the proposed elimination of the Inpatient-Only list. Gain strategies to assess admission status, avoid denials, protect compliance, and address impacts across Medicare and non-Medicare payors. Essential insights for hospitals.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
