New Programs by HHS to Address Cyberattacks on Affected Providers

The Department of Health and Human Services (HHS) has reported the Blackcat ransomware attack on UnitedHealth Group-managed Change Healthcare in February 2024. The attack affected over 100 of Change Healthcare’s systems, which subsequently impacted the providers that employ those systems for monitoring insurance policies, filing claims, and getting payment.

A few industry groups asked HHS for help for their members, who are encountering significant cash flow issues since they could not get payments without Change Healthcare’s services. UnitedHealth Group provides a temporary financial assistance plan to support companies who cannot get payments, but the industry groups have belittled this step because of the restricted eligibility and tedious requirements.

The HHS stated that because of the consequence of the cyberattack on healthcare operations across the country, its first concern is to assist in managing efforts to prevent interferences to care. The HHS is routinely conversing with UnitedHealth Group leadership and has indicated that it wants UnitedHealth Group to ensure the continuity of procedures for all healthcare providers.

The HHS mentioned it has gotten several messages concerning the cash flow challenges that resulted from the cyberattack as companies cannot send claims and collect payments. It explained that it is doing something to serve the demands of the health community. The HHS is developing new flexibilities and the Centers for Medicare and Medicaid Services (CMS) is handling the response and will be conversing with the healthcare community and delivering support, as needed.

The HHS stated all affected providers ought to be familiar with these flexibilities:

Medicare companies that ought to alter the clearinghouses they utilize to get claims processing because of the outages must connect with their Medicare Administrative Contractor (MAC) to get a new electronic data interchange (EDI) enrollment for the transition. The MAC will give recommendations to hasten the new EDI enrollment. The CMS has commanded MACs to speed up the procedure for new EDI enrollment and relocate all company and facility requests in production to make certain they can bill claims instantly.

The CMS will be providing guidance to Medicare Advantage (MA) establishments and Part D sponsors wanting them to take away or loosen up earlier authorization, other utilization administration, and timely processing of requirements at the time of these system breakdowns, and is urging MA plans to give advance financing to the providers most impacted by the cyberattack on Change Healthcare. Medicaid and CHIP-managed care plans are additionally being prompted to undertake a strategy to the level authorized by the State.

Medicare providers need to call their MAC for specifics on exclusions, waivers, or extensions, or call CMS if they are having a hard time submitting claims or other needed notices or other submissions. The CMS has gotten in touch with all MACs and instructed them that they should agree to paper submissions when a company needs to submit claims in that way as a result of the breakdowns.

Companies called the CMS about the accessibility of faster payments including those released at the time of the COVID-19 pandemic. Numerous payers have made cash accessible though billing systems are not online, and the CMS prompts companies to make the most of those chances; nevertheless, the HHS stated hospitals may send quicker payment requests to their specific servicing MACs.

The HHS pointed out that the attack on Change Healthcare reminds the significance of fortifying cybersecurity toughness throughout the healthcare environment. In December 2023, the HHS gave a concept paper detailing a few of the activities the HHS plans to carry out to reinforce cybersecurity resilience. Those procedures include voluntary cybersecurity operation targets, working with Congress to establish assistance and benefits for domestic hospitals to strengthen cybersecurity, growing responsibility, and bettering connections via a one-stop store. The HHS is encouraging all individuals of the healthcare system to consider HIPAA compliance and cybersecurity with seriousness, as Americans cannot handle more disturbances to care.

Though providers and industry communities have acknowledged the HHS response, the majority of responses are that the new flexibilities don’t do much. The president of the American Medical Association, Jesse Ehrenfeld, M.D., stated the new flexibilities introduced by the HHS are a welcome initial step, but mentioned the CMS must understand that the financial difficulties a lot of companies are going through are threatening the survival of their operations, including those that look after the underserved. The AMA prompts government officers to go beyond what is used and include economic aid for example advanced salaries for medical professionals.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at