Navigating healthcare’s cyber crisis: HFMA’s lifeline through the Change Healthcare cyberattack

Regularly scheduled national member calls by HFMA’s Change Healthcare Business Continuity Workgroup and frequent news updates about the continuing impact of the cyberattack on hospitals and health system by senior editor Nick Hut became a lifeline for many HFMA members through mid-March.

Regular news updates

Hut kept members apprised of developments starting on Feb. 25 with daily blog posts to HFMA’s homepage, and then with multiple, time-stamped updates on many days through mid-March, when the blog garnered 65,000 page views, making it the “the most-read piece of HFMA content ever,” according to Brad Dennison, HFMA’s director of content.

News coverage related to the Change Healthcare cyberattack is expected to continue on hfma.org for as long as events warrant.

HFMA’s immediate response

Within hours of UnitedHealth Group’s Feb. 22 confirmation of the cyberattack, HFMA reached out to membership through its online Community and hosted the first of several working-group calls. After 125 HFMA members participated in the first national call, the group’s size continued to grow as the healthcare industry and federal government grappled with the lingering effects of the outage. HFMA hosted seven calls related to the Change Healthcare cyberattack between Feb. 22 and March 19, with more planned.

“Our internal team utilized this group to share resources and articles of interest, and to provide recordings and transcripts of ongoing group calls,” said Melanie Binder, senior manager, community and council engagement. “This forum continues to serve as a collaborative space for provider members to discuss and share mitigation strategies, as well as address additional challenges caused by the Change Healthcare crisis.”

Additional HFMA efforts

“HFMA’s executive team took proactive steps Feb. 22 by reaching out and initiating communication with the FBI and the Department of Health and Human Services concerning the issue,” according to Shawn Stack, HFMA’s director of healthcare finance policy, perspectives and analysis.*

The team that oversees HFMA’s executive councils prepared a member survey for organizations to complete directly after the Feb. 22 call. Stack said the results were used to connect individuals facing similar impacts and challenges, thereby facilitating collaboration and resource pooling to effectively address the repercussions of the cyberattack.

“All of our efforts were aimed at ensuring our members had access to as much information as was available not only at the onset of the incident, but as the weeks passed by,” said Rick Gundling, senior vice president, content and professional practice guidance. “Provider members’ positive response to how we helped them deal with the fallout of the cyberattack showed there was a definite need for information, guidance and community during this trying time.”

*Stack, S., “How HFMA worked with members through the Change Healthcare cybersecurity breach,” hfma.org, March 4, 2024.