1. Home
  2. Practice Help
  3. Health Information Technology

Change Healthcare Cyberattack

  • Change Healthcare experienced a cyberattack on Feb. 21 that disrupted payment and revenue cycle management operations.

    Physicians using Change Healthcare – a health care technology company that is part of Optum and owned by UnitedHealth Group – are likely to experience claims and payment disruptions. This is a rapidly evolving situation and physicians should stay tuned for additional updates which will be posted on this page.

  • CMS Adds Cyberattack Hardship Option to MIPS EUC

    Due to the ongoing impact the Change Healthcare Cyberattack has had on physician practices, CMS has added an option to cite the cyberattack when requesting the 2024 Merit-based Incentive Payment System (MIPS) Extreme and Uncontrollable Circumstances (EUC) hardship exception.

    To account for the increased number of physicians that have been impacted by a cyberattack this year, CMS has specifically added a drop-down tab in the application to indicate the EUC is due to the Change cyberattack. When in the EUC portal, physicians should select the event type as “ransom/malware”. Once a physician clicks on the event type “ransom/malware” a drop-down box will appear asking whether the event pertains to the Change Healthcare Cyberattack. Reference page 8 in the 2024 MIPS EUC Application User Guide for more details. The 2024 MIPS EUC portal is now open, and physicians have until December 31, 2024, to file a hardship application and avoid a 2026 MIPS negative payment adjustment.

    When applying for a hardship, physicians have the option to request reweighting of up to four MIPS categories. Reweighting of all performance categories will result in avoiding a MIPS penalty of up to -9 percent in 2026. As a reminder, if a physician or group submits data, it will override the hardship exception and the physician or group may be scored.

  • Cyber Security Event Update

    May 9, 2024

    • On Wednesday, May 8, Ascension posted that they, “detected unusual activity on select technology network systems, which we now believe is due to a cyber security event. At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues.”

  • United, Optum Simplify Funding Assistance Post Cyberattack

    United Healthcare and Optum continue to offer interest-free financial assistance to physicians suffering cash flow problems related to the Change Healthcare cyberattack. TMA has learned that, based on feedback, Optum has simplified the funding terms and made it easier to request larger amounts of money. Practices must show proof of cash flow before the attack and proof of current cash flow, and Optum will make up the difference. Funds are distributed on a weekly basis, so physicians may apply weekly as needed. Use the Temporary Funding Inquiry Form and contact Optum with questions at (877) 702-3253.

  • Novitas Restores Electronic Billing Post Cyberattack

    Change Healthcare and Optum have been working with Novitas Solutions, Texas’ Medicare contractor, to transition physicians and others enrolled for Change Healthcare connections to the Optum clearinghouse for claims and remittances. The transition is complete, Novitas says, and instructs physicians to resume electronic billing as soon as possible “for all JH and JL Medicare claims.” Details can be found in this Novitas announcement. The contractor says “billing electronically will provide an improved cash flow due to our ability to release payment when a finalized claim … reaches the 14-day payment floor for HIPAA-compliant claims.” HIPAA-compliant paper claims “are not paid until a minimum of 29 days after the claim reaches us.”

  • HHS Compilation of Payer Contacts to Assist Physicians

    On March 25th the Department of Health and Human Services (HHS) distributed these resources to assist physicians, pharmacists, and hospitals, with the aftermath of the Change Healthcare cybersecurity attacks. Physicians can use the information compiled by HHS to contact insurers for information about the Change Healthcare cyberattack. HHS’ cover letter points out that the resource document contains a national contact person for each plan, though HHS urges physicians, pharmacists, and hospitals, to reach out first to their health insurer’s regional contact. If these contacts do not respond to inquiries, please contact HHScyber@hhs.gov.

  • Suggested Steps to Protect Your Networks

    Cybersecurity experts and the HHS Administration for Strategic Preparedness and Response (ASPR) suggest taking these steps to protect your networks:

    • With consideration of the written attestation from UHG that the Optum network is safe, organizations should evaluate their risk of using Optum, UnitedHealthcare and UHG systems.
    • While UHG asserts that any system that is currently live and available is safe to use, organizations should evaluate their risks and make determinations if connections to Change Healthcare are appropriate at this time.


    As part of your risk evaluation, healthcare organizations should consider the impacts of severing connectivity to Optum, which includes but is not limited to loss of prior procedure authorizations, electronic prescribing and other patient care functions. Ultimately, your organization should make its own determination on whether or not to block Optum specifically while considering all the risks and consequences of doing so. Change Healthcare is posting updates on the status of the cyberattack.

    Read More

  • Helpful Links

  •  

    TMA is helping to strengthen your practice by offering advice and creating a climate of medical success across the state. 

    Explore TMA Member Benefits

  • What could a TMA membership mean for you, your practice, and your patients?

    Join TMA Now