Cybersecurity

How HFMA worked with members through the Change Healthcare cybersecurity breach 

Shawn Stack
March 4, 2024 3:48 pm

Change Healthcare, a healthcare technology company owned by UnitedHealth Group, disclosed on Feb. 21 that it had fallen victim to a cyberattack, causing disruptions to several of its systems and services. According to a statement released on its website on Feb. 22, around noon EST, UnitedHealth Group confirmed the incident, stating, “At this time, we believe the issue is specific to Change Healthcare, and all other systems across UnitedHealth Group are operational.”

Despite this confirmation, hospitals, pharmacies, and providers were left in the dark regarding the full extent of the security breach. Consequently, most hospitals took precautionary measures by disconnecting from all UnitedHealth Group online resources and tools to safeguard their patients and infrastructure until clear conformation could be made that all of UnitedHealth Group’s systems had not been penetrated.

HFMA outreach to FBI, HHS and membership

HFMA’s executive team took proactive steps Feb. 22 by reaching out and initiating communication with the FBI and the Department of Health and Human Services concerning the issue. This action was prompted by the lack of comprehensive details being provided by UnitedHealth Group to its providers regarding the cyberattack.

On Feb. 22 at 2 p.m. CT, HFMA organized a Change Healthcare Outage Roundtable discussion with its members to address, mitigate and strategize regarding the impacts of the Change Healthcare outage. More than 100 HFMA members participated in this national call, sharing insights into their organizations’ operational impacts, mitigation plans and future strategic considerations. At this time, the official confirmation being released from Change Healthcare via their status webpage was, “Change Healthcare is experiencing a cybersecurity issue, and our experts are working to address the matter. Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact. At this time, we believe the issue is specific to Change Healthcare and all other systems across UnitedHealth Group are operational. The disruption is expected to last at least through the day. We will provide updates as more information becomes available.”

After the Feb. 22 call, the HFMA Executive Council team promptly prepared a member survey for organizations to complete. This survey aims to connect individuals facing similar impacts and challenges, facilitating collaboration and resource pooling to effectively address the repercussions of the cyberattack.

Change Healthcare, a subsidiary of UnitedHealth Group, diligently provided timely updates through their online portal following their initial post on Feb. 22. However, through the morning of Feb. 29, their message remained the same as to the extensiveness of the security breach: “We have a high level of confidence that Optum, UnitedHealthcare, and UnitedHealth Group systems have not been affected by this issue.”

On Feb. 26 at 11:15 a.m. CT, HFMA hosted its second Change Healthcare Outage Roundtable discussion with members, focusing on addressing, mitigating and strategizing about the impacts of the Change Healthcare outage. More than 170 HFMA members actively participated in this national call, contributing valuable insights into their organizations’ operational impacts, mitigation plans and future strategic considerations.

During this session, HFMA’s Executive Council and the HFMA Community leadership thoroughly reviewed the work group survey results. Additionally, they shared important resources compiled by HFMA staffers and members to assist healthcare professionals in researching and addressing operational challenges. These challenges included issues related to claims clearinghouses, payer remits (ERAs), pharmacy tools, eligibility and other tools impacting patient access to healthcare.

HFMA members also actively participated in sharing strategic decisions and actions they had undertaken over the past six days to mitigate the outage. During discussions, they candidly shared both achievements and failures they had encountered in addressing the challenges. The aim was, and is, to provide support to colleagues who were facing similar or related issues, fostering a collaborative environment focused on finding effective solutions.

HIPAA considerations

Despite this assurance, hospitals grappling with HIPAA regulations couldn’t simply rely on a “high level of confidence” to resume normal operations across all products and services under UnitedHealth Group’s umbrella. Until UnitedHealth Group provided definitive confirmation on Feb. 29 at 10:50 a.m. EST, many providers were compelled to remain offline due to concerns for their own safety and the safety of their patient information.

Change Healthcare’s confirmation, stated: “Based on our ongoing investigation, there’s no indication that Optum, UnitedHealthcare, and UnitedHealth Group systems have been affected by this issue.” Additionally, for the first time, the healthcare giant acknowledged, “Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat.”

On March 1 at 9:15 a.m. CT, in response to the requests from our membership, HFMA organized a third Change Healthcare Outage Roundtable discussion. This time, more than 200 HFMA members actively engaged in this national call, continuing to provide valuable insights to further assist one another through this crisis.

Discussions during the session revolved around exploring alternate methods for submitting patient claims to payers, assessing the impacts on value-based and quality-of-care initiatives and devising strategies to properly support patients with high-cost drug needs. These discussions were particularly pertinent as the Change Healthcare outage had now persisted for 10 days, highlighting the importance of collaborative problem-solving and support within the healthcare community.

4th discussion scheduled

HFMA’s Community and Executive Council leadership will be hosting a fourth Change Healthcare Outage Roundtable discussion March 5 at 9 a.m. CT for the healthcare provider community. We want to sincerely thank our members for their engagement, leadership and resolve during this challenging time.

About the Author

Shawn Stack

is HFMA's director, healthcare finance policy, perspectives and analysis in HFMA’s Washington, D.C., office.

See All Articles

Related Tags

Advertisements

googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text1' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text2' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text3' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text4' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text5' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text6' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text7' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-leaderboard' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-cube1' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-cube2' ); } );

Recent Cybersecurity

What the Change Healthcare cyberattack means for the future of the industry

News Briefs: Providers face trying times  in the first month after the Change Healthcare cyberattack  

Joshua Corman unpacks the consequences of the Change Healthcare cyberattack on an HFMA podcast episode 

googletag.cmd.push( function () { googletag.display( 'hfma-gpt-cube3' ); } );