The US Department of Health and Human Services (HHS) on Monday revealed the actions taken to assist healthcare providers in continuing to serve patients following the ransomware attack on Change Healthcare.
One of the largest healthcare technology companies in the US and a subsidiary of UnitedHealth Group, Change Healthcare handles billions of healthcare transactions per year.
On February 21, the company fell victim to a cyberattack later confirmed to have been perpetrated by the BlackCat ransomware gang. The attack caused massive disruptions across Change Healthcare’s network, which remains down two weeks later.
The disruption impacted thousands of pharmacies and providers across the US, which have implemented workarounds to continue serving their patients.
On Monday, HHS announced it was aware of the incident and its impact on healthcare operations across the country, noting that its priority is to ensure that the healthcare system is not disrupted and that patients continue to receive care.
“Numerous hospitals, doctors, pharmacies and other stakeholders have highlighted potential cash flow concerns to HHS stemming from an inability to submit claims and receive payments. HHS has heard these concerns and is taking direct action and working to support the important needs of the health care community,” HHS says.
The Centers for Medicare & Medicaid Services (CMS), HHS says, has already taken action to assist providers, including by instructing Medicare Administrative Contractors (MACs) to expedite claims for electronic data interchange (EDI) enrollments and to accept paper claims, and is encouraging Medicare providers in need of changing clearinghouses to contact their MAC in this regard.
“CMS is strongly encouraging other payers, including state Medicaid and Children’s Health Insurance Program (CHIP) agencies and Medicaid and CHIP managed care plans, to waive or expedite solutions for this requirement,” HHS says.
According to the department, CMS will also recommend that Medicare Advantage (MA) organizations, Part D sponsors, and Medicaid and CHIP managed care plans remove or relax certain authorization and requirements until the outages are resolved.
“If Medicare providers are having trouble filing claims or other necessary notices or other submissions, they should contact their MAC for details on exceptions, waivers, or extensions, or contact CMS regarding quality reporting programs,” HHS notes.
Furthermore, CMS is working on providing additional information regarding accelerated payment opportunities that some hospitals could need, given the significant cash flow problems the outage might have caused.
“HHS will continue to communicate with the health care sector and encourage continued dialogue among affected parties. We will continue to communicate with UnitedHealth Group, closely monitor their ongoing response to this cyberattack, and promote transparent, robust response while working with the industry to close any gaps that remain,” HHS concludes.
Change Healthcare reportedly paid a $22 million ransom to the BlackCat cybercrime group, which appears to have pulled an exit scam.
Related: HMG Healthcare Says Data Breach Impacts 40 Facilities
Related: CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance
Related: CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector
