Supporting Hospitals and Patients After Cyberattack on Change Healthcare

Feb 29, 2024 - 06:09 PM by
Rick Pollack, President and CEO, AHA
Rick Pollack Perspective 900x400 12-2023

The cyberattack against Change Healthcare that began on Feb. 21 is the most serious incident of its kind leveled against a U.S. health care organization.

Nine days into the attack on Change Healthcare, a health care technology company that is part of Optum and owned by UnitedHealth Group, effects are continuing to be felt throughout the entire health care system.

According to Change Healthcare, the company processes 15 billion health care transactions annually and touches 1 in every 3 patient records. These transactions include a range of services that directly affect patient care, including eligibility verifications and pharmacy operations, as well as claims transmittals and payment. All of these have been disrupted to varying degrees over the past several days and the full impact is still not known.

Since the attack was first made public, the AHA has been working on many fronts to support hospitals and health systems – and the patients and communities they serve – that have been impacted by the attack.

Keeping You Informed and Sharing Information to Help Protect Your System

  • Cybersecurity Advisories – We have issued a series of Cybersecurity Advisories to provide hospitals with the latest details and guidance about the cyberattack. As the incident has evolved, the Cybersecurity Advisories have included additional information about the indicators of compromise to assist network defenders with conducting a sweep within their environment to determine whether their network has been compromised.
     
  • Calls with Members – On Feb. 23, we hosted a call in which nearly 3,000 hospitals leaders heard from leaders at the Department of Health and Human Services, Cybersecurity and Infrastructure Security Agency, and FBI. Our team also has had several calls with individual hospitals and health systems to hear about how the attacks are affecting their organizations and what assistance they need.
     
  • New Webpage with Latest Resources – We launched a new webpage that provides a convenient central source of updated information related to the cyberattack. It also includes links to all of AHA’s cybersecurity tools and resources led by AHA’s National Advisory for Cybersecurity and Risk John Riggi, who is a highly-decorated 30-year veteran of the FBI. 

Advocating for Additional Assistance to Support Hospitals and Patient Care

The AHA remains in close contact at the highest levels with UnitedHealth Group about efforts to minimize any further disruption to patient care and hospital operations resulting from this attack. 

In addition, earlier this week we sent a letter asking the Department of Health and Human Services to continue to help hospitals and health systems minimize the fallout from the cyberattack. Among other actions, we asked the department to consider proposals to: offer guidance to providers about how they may request Medicare advanced and accelerated payments; provide flexibility with respect to e-prescribing regulations; and provide an extension to the timely filing requirements under federally regulated health plans.

We will continue discussions with UnitedHealth Group and the federal government about these efforts as a prolonged disruption of Change Healthcare’s systems could mean that some hospitals and health systems may be unable to pay salaries for clinicians and other members of the care team, acquire necessary medicines and supplies, and pay for mission critical contract work in areas such as physical security, dietary and environmental services.

America’s hospitals and health systems work very hard to secure their systems against cyberattacks, and they have invested considerable financial and human resources in these efforts. Yet as we have seen too often, the resources of our cyber adversaries, many of them sponsored by hostile nation-states, are formidable.

The AHA will continue to work collaboratively with all partners to enhance cybersecurity efforts for the entire health care field so that we can continue to deliver the care that our patients and communities need.  

Related News Articles

Headline
OCR launches webpage with HIPAA FAQs on Change Healthcare cyberattack
The Department of Health and Human Services’ Office for Civil Rights April 19 launched a webpage answering HIPAA-related FAQs about the Change Healthcare…
Headline
Agencies issue ransomware alert, guidance for securely deploying AI
U.S. and European agencies April 18 recommended organizations implement certain best practices to protect against the latest versions of Akira ransomware,…
Headline
AHA urges Congress to reject cybersecurity proposal in HHS budget request
In a statement submitted to the House Energy and Commerce Health Subcommittee for a hearing April 17 on President Biden’s fiscal year 2025 Health and Human…
Headline
HHS Deputy Secretary Palm discusses Change Healthcare attack and future of cybersecurity
Department of Health and Human Services Deputy Secretary Andrea Palm addressed AHA Annual Membership Meeting attendees about the Administration’s work to…
Headline
Representative Guthrie discusses cybersecurity, prior authorizations and telehealth
Rep. Brett Guthrie, R-Ky., today addressed attendees of AHA’s 2024 Annual Membership Meeting and touched on many of the biggest issues in health care:…
Headline
AHA testifies at hearing on health care cybersecurity
Testifying April 16 before a House Energy and Commerce Subcommittee on Health hearing on addressing health care cybersecurity vulnerabilities in the wake of…