Change Healthcare Systems Cyberattack Shuts Down Payment Processing

Change Healthcare Systems Cyberattack Shuts Down Payment Processing

A recent cybersecurity attack renews the warnings to ensure your required HIPAA compliance plan and manual are updated and active.  On February 21, 2024, Change Healthcare (a subsidiary of Optum) experienced a cybersecurity attack.  Some software systems, providers, hospitals, and clearinghouses have been affected by this attack. As of March 8, 2024, Change Healthcare stated that there is no indication that any other UnitedHealth Group systems have been affected by this attack.  They have not verified whether patient information was compromised.

Change Healthcare announced that BlackCat/ALPHV identified itself to the company, claiming responsibility for the cybercrime. According to the US Department of Justice, BlackCat/ALPHV is the second most prolific ransomware-as-a-service entity in the world, with over 1000 victims of cybercrimes across the globe.

Advertisement

The restoration of the Change Healthcare systems has caused a shutdown of claims processing and prior authorization of benefits for some plans, including Medicare Advantage plans.  The company expects to begin testing and reestablishing connectivity to its claims network and software on March 18, 2024. 

Medicare Claim Information

Workarounds have been established for several payers, including National Government Services (NGS).  Keep in mind that if you choose to submit paper claims to NGS, Medicare payment will occur 29 days from the date the paper claim is received, whereas the payment for electronically submitted claims is only 14 days.

As an alternative, providers can use the NGSConnex for Part B claim submissions if they are affected and choose not to wait until the Change Healthcare system is restored.

As of March 9, CMS will offer emergency funding to Medicare providers affected by last month’s Change Healthcare cyber incident.   The emergency funds represent upfront payments made to providers and suppliers based on their expected future claims. You can see if you’re eligible for advanced payments here.

Other Claims Processing Information

One clearinghouse recently indicated “the route to this payer has been impacted by the Change Healthcare cyber incident. Providers will need to submit by paper, hold, or utilize the payer’s DDE.” However, we are recommending that providers hold claims, since connectivity is expected to be restored by early next week (week of March 18, 2024).

Cybersecurity Threats Remains a Problem for Healthcare

In 2023, a record-setting 725 healthcare security breaches were reported to the Department of Health & Human Services Office for Civil Rights, according to a report from The HIPAA Journal. Last year, an average of 370,000 healthcare records were breached every day.

This is an opportunity for you to ensure that your system is safe.  Perform Live Updates for your Network Security software.  Providers and staff should be diligent in not clicking on links in emails or on social media, downloading attachments, or clicking on any links in the email.  A HIPAA requirement is that you also conduct a Security Risk Assessment (https://www.healthit.gov/sites/default/files/SRA_Tool_3.4.msi ) annually for your office. While the effects of this cybersecurity event are ongoing, providers and staff must work to protect the health information and financial records of the office and their patients.  Breaches of this type are all too common and may result in significant interruptions in patient care and ensuing fines.

About Author

Mario P. Fucinari DC, CPCO, CPPM, CIC

Dr. Mario Fucinari has helped train doctors and staff over the last 20 years. He received his bachelor's degree from Wayne State University in Detroit and his Doctor of Chiropractic degree from Palmer College of Chiropractic in 1986. Dr. Fucinari was the recipient of the 1998 and the 2003 President's Award from the Illinois Chiropractic Society (ICS) for his work with education and training and most recently received the 2012 Chiropractor of the Year award from the ICS. Dr. Fucinari was the first chiropractic physician to attain the Certified Medical Compliance degree. Two years later he earned his degree as a Certified Instructor for the Certified Medical Compliance Program. He is now the Chairman of the Chiropractic division of the national medical compliance program. He has produced classes and publications on HIPAA, Clinical Documentation, Medicare, and Stroke and Cervical Manipulation. He is a worldwide speaker for NCMIC, Foot Levelers, ChiroHealthUSA and several state associations and a Certified Chiropractic Sports Physician [CCSP].Online CME CoursesConnect

Corporate Club Members

Article Categories