HHS Aiding Organizations Hit by Change Healthcare Cyberattack

US government lays out actions to assist healthcare providers following the highly disruptive Change Healthcare cyberattack.

The US Department of Health and Human Services (HHS) on Monday revealed the actions taken to assist healthcare providers in continuing to serve patients following the ransomware attack on Change Healthcare.

One of the largest healthcare technology companies in the US and a subsidiary of UnitedHealth Group, Change Healthcare handles billions of healthcare transactions per year.

On February 21, the company fell victim to a cyberattack later confirmed to have been perpetrated by the BlackCat ransomware gang. The attack caused massive disruptions across Change Healthcare’s network, which remains down two weeks later.

The disruption impacted thousands of pharmacies and providers across the US, which have implemented workarounds to continue serving their patients.

On Monday, HHS announced it was aware of the incident and its impact on healthcare operations across the country, noting that its priority is to ensure that the healthcare system is not disrupted and that patients continue to receive care.

“Numerous hospitals, doctors, pharmacies and other stakeholders have highlighted potential cash flow concerns to HHS stemming from an inability to submit claims and receive payments. HHS has heard these concerns and is taking direct action and working to support the important needs of the health care community,” HHS says.

The Centers for Medicare & Medicaid Services (CMS), HHS says, has already taken action to assist providers, including by instructing Medicare Administrative Contractors (MACs) to expedite claims for electronic data interchange (EDI) enrollments and to accept paper claims. CMS is also encouraging Medicare providers that need to change clearinghouses to contact their MAC.

“CMS is strongly encouraging other payers, including state Medicaid and Children’s Health Insurance Program (CHIP) agencies and Medicaid and CHIP managed care plans, to waive or expedite solutions for this requirement,” HHS says.

According to the department, CMS will also recommend that Medicare Advantage (MA) organizations, Part D sponsors, and Medicaid and CHIP managed care plans remove or relax certain authorization and requirements until the outages are resolved.

“If Medicare providers are having trouble filing claims or other necessary notices or other submissions, they should contact their MAC for details on exceptions, waivers, or extensions, or contact CMS regarding quality reporting programs,” HHS notes.

Furthermore, CMS is working on providing additional information regarding accelerated payment opportunities that some hospitals could need, given the significant cash flow problems the outage might have caused.

“HHS will continue to communicate with the health care sector and encourage continued dialogue among affected parties. We will continue to communicate with UnitedHealth Group, closely monitor their ongoing response to this cyberattack, and promote transparent, robust response while working with the industry to close any gaps that remain,” HHS concludes.

Change Healthcare reportedly paid a $22 million ransom to the BlackCat cybercrime group, which appears to have pulled an exit scam.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

