(February/March 2024)

Change Healthcare, a health care technology company that is part of Optum and owned by UnitedHealth Group, announced Feb. 21 they were hit with a cyberattack that disrupted a number of its systems and services, according to a statement posted on its website.

AHA Advisories and Actions to Keep Members Informed

  • March 26 Special Bulletin highlighting a new national health plan resource guide developed by the Departments of Health and Human Services, Administration for Strategic Preparedness and Response and Centers for Medicare & Medicaid Services.
  • March 19 Letter to the U.S. House of Representatives’ Committee on Ways and Means informing them prior to a March 20 hearing of the cyberattack’s impact on hospitals and health systems.
  • March 18 Special Bulletin detailing CMS guidance on Medicaid flexibilities and response to Change Healthcare cyberattack.
  • March 15 AHA Today article on new CMS guidance to help states make interim Medicaid payments to providers impacted by the Change Healthcare cyberattack.
  • March 15 Survey Results on the impact of the Change Healthcare cyberattack on U.S. hospitals.
  • March 14 Special Bulletin highlighting the Centers for Medicare & Medicaid Services’ frequently asked questions on their accelerated and advance payment program for hospitals, physicians and others impacted by the Change Healthcare cyberattack.
  • March 13 Letter to Senate Finance Committee leadership in advance of their March 14 hearing on the President’s fiscal year 2025 Health and Human Services budget updating them on the impact of the recent Change Healthcare cyberattack and raising concerns regarding the Administration’s proposal to penalize hospitals that don’t meet certain cybersecurity requirements.
  • March 11 Special Bulletin on the Department of Health and Human Services and Department of Labor calling on UnitedHealth Group to “take responsibility” for the adverse impacts of the Change Healthcare cyberattack.
  • March 9 Special Bulletin on CMS’ notice formally announcing terms for hospitals, physicians and other providers impacted by the Change Healthcare cyberattack to apply for accelerated and advance payments.
  • March 8 Special Bulletin on UnitedHealth Group’s announcement of a series of updates on its response to the unprecedented cyberattack against its subsidiary Change Healthcare.
  • March 6 Perspective column from AHA President and CEO Rick Pollack highlights the AHA’s work on this issue to advocate on members’ behalf.
  • March 5 Special Bulletin with details of some flexibilities announced by HHS and AHA’s media statement in response to the announcement.
  • March 4 Action Alert encouraging AHA members to speak to their members of Congress urging them to take action to support hospitals as they navigate the effects of the ongoing cyberattack.
  • March 4 Letter to the Congress urging actions to support hospitals' efforts to care for patients as the entire health care system continues to navigate the effects of the ongoing cyberattack.
  • March 4 Letter to UnitedHealth Group expressing concern with the company's Temporary Funding Assistance Program announced March 1. 
  • March 1 Special Bulletin includes information on Change Healthcare temporary actions – funding assistance program and e-prescribing service – announced today and additional cybersecurity resources for the field.
  • Feb. 29 Perspective column from AHA President and CEO Rick Pollack highlights the AHA’s work on this issue to inform members and advocate on their behalf.
  • Feb. 27 Cybersecurity Advisory on an updated #StopRansonware: ALPHV Blackcat joint agency advisory with new indicators of compromise and tactics, techniques and procedures
  • Feb. 26 Letter to the Department of Health and Human Services outlining the implications of the cyberattack on patient care.
  • Feb. 26 Cybersecurity Advisory with Health-ISAC bulletin details on maintaining network connectivity with UnitedHealth Group systems and indicators of compromise.
  • Feb. 25 Cybersecurity Advisory with indicators of compromise to assist with indicator sweeps of network compromise.
  • Feb. 24 Cybersecurity Advisory with additional details, recommendations and AHA actions.
  • Feb. 23 AHA cybersecurity update member call with representatives from the Department of Health and Human Services, Cybersecurity and Infrastructure Security Agency, and Federal Bureau of Investigation.
  • Feb. 22 Cybersecurity Advisory alerting of the attack and recommended steps.

Cybersecurity & Risk Advisory

Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA’s National Advisor for Cybersecurity and Risk.

Learn More

AHA in the News

  • March 15, Bloomberg — Health Insurers Split With US Over Relief After Change Healthcare Hack
  • March 13, CNN — Feds investigating whether hacked health care giant complied with law protecting patient data
  • March 12, Barron’s — UnitedHealth Maintains the Hack Won’t Have an Impact. That’s Harder to Believe Now.
  • March 8, New York Times — With Cyberattack Fix Weeks Away, Health Providers Slam United
  • March 8, KFF Health News — Biden Team, UnitedHealth Struggle to Restore Paralyzed Billing Systems After Cyberattack
  • March 5, The Wall Street Journal — Calls Mount for Government Help As Change Healthcare Hack Freezes Medical Payments
  • March 5, The New York Times — Cyberattack Paralyzes the Largest U.S. Health Care Payment System
  • March 5, The Washington Post — Officials Rush To Help Hospitals, Doctors Affected by Change Healthcare Hack
  • March 5, Reuters — U.S. To Accelerate Some Payments to Hospitals After UnitedHealth Hack
  • March 3, The Washington Post — Health-care hack spreads pain across hospitals and doctors nationwide
  • March 3, CNN This Morning — Cyberattack on Insurance Provider Causes Billing, Prescription Delays
  • March 1, NBC News— a Ransomware attack on U.S. health care payment processor ‘most serious incident of its kind’ American Hospital Association CEO Rick Pollack said effects of the attack "are continuing to be felt throughout the entire health care system."
  • Feb 29, CBS Evening News— Cyberattack on UnitedHealth still impacting prescription access: "These are threats to life"
  • Feb 29, Associated Press— A large US health care tech company was hacked. It’s leading to billing delays and security concerns

The AHA will continue to keep you updated on this situation. Please send any technical, financial and/or clinical impact or related technical threat intelligence on a confidential basis to John Riggi, AHA’s national advisor for cybersecurity and risk, at jriggi@aha.org. The AHA maintains close contact with the FBI, HHS and CISA and will share cyber threat intelligence with them without attribution to your organization, unless you specify permission to be identified. If you have identified any of these indicators of compromise on your network, or are experiencing a ransomware attack, contact your local FBI field office or FBI 24/7 Cyber Watch at 855-292-3937 and describe any delay or disruption to care delivery.