Readout of Biden-Harris Administration Convening with Health Care Community Concerning Cyberattack on Change … – HHS.gov
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Leaders from HHS, White House, DOL, and the health care community convened to discuss ways to mitigate harms to patient and providers caused by the cyberattack.
On Tuesday, March 12, the U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra and Deputy Secretary Andrea Palm, led a convening of health care community leaders – joined by White House Domestic Policy Advisor Neera Tanden, White House Deputy National Security Advisor (DNSA) for Cyber and Emerging Technologies Anne Neuberger, and others from the federal government – to discuss concrete actions to mitigate harms to patients and providers caused by the cyberattack on Change Healthcare.
Over the weekend, Secretary Becerra and Acting Labor Secretary Julie Su called on UnitedHealth Group (UHG) and other payers to meet the moment, urging actions that complement those taken by the Biden-Harris Administration to ensure patients’ access to care and support providers.
Secretary Becerra and Domestic Policy Advisor Tanden made clear the government and private sector must work together to help providers make payroll and deliver timely care to the American people and that insurers help providers in this moment of challenge. Since February 21, when HHS first learned of the Change Healthcare attack, it has been in near-constant communication with countless stakeholders to understand the impact on the ground and step in to help facilitate solutions with urgency. Centers for Medicare & Medicaid Services (CMS) Administrator Chiquita Brooks-LaSure also announced that guidance to states is forthcoming to provide needed flexibilities for states to support Medicaid providers and suppliers during this time.
Biden-Harris Administration officials directly heard concerns from representatives of provider groups – hospitals, children’s health providers, physicians, infusion centers, pharmacies, community health centers, long-term care facilities – across the country on the broad impact the cyberattack on Change Healthcare has had on the health care sector. They highlighted gaps in the response from payers, including the need for more immediate payment options, direct communications and relaxed billing and claims processing requirements.
Health care payers were then called upon and committed to continued coordination to meet the need – considering additional steps to reduce red tape, provide accessible funding opportunities through advanced payments, and through other means to provide productive solutions to address the cash flow issues that providers are experiencing. Biden-Harris Administration officials called upon the payers to respond with urgency and noted they will follow-up with the payer community about the actions and commitments voiced today.
The DNSA Neuberger noted the interconnectedness of the domestic health care ecosystem and the urgency of strengthening cybersecurity resiliency across the sector, by implementing HHS’s voluntary HPH Cyber Performance Goals (CPGs). Department of Labor Principal Deputy Assistant Secretary for Employee Benefits, Ali Khawar reminded the participants of DOL’s Cybersecurity Program Best Practices for plan sponsors, plan fiduciaries, record keepers and plan participants in the health care community.
List of Administration participants:
List of Stakeholder participants:
These efforts are part of HHS’ broader cybersecurity strategy. HHS continues to urge everyone to implement the aforementioned CPGs designed to help health care organizations strengthen cyber preparedness, improve cyber resiliency, and ultimately protect patient health information and safety.
HHS Actions on Change Healthcare to Date
Once the U.S. Department of Health and Human Services (HHS) was notified of the cyberattack on Change Healthcare systems on February 21, 2024, HHS acted to address the impacts. Within first 24 hours the Administration for Strategic Preparedness and Response (ASPR), in its role as “sector risk management agency,” stood up an interagency response team and began coordinating with federal partners (e.g., Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigations, Veterans Affairs) and across HHS to develop a comprehensive understanding of the situation and to coordinate the federal response. HHS began direct communication with UnitedHealth Group (UHG) leadership on day one, with an initial focus on scope and magnitude of impact.
HHS continued coordination as the situation progressed, continuing engagement with UHG to both assess timeline to restoration and system-wide impacts, and to press UHG for a swift and effective response to mitigate harms to patients and providers. ASPR continues to lead interagency actions, including the development and distribution of actionable threat intelligence with the healthcare sector and actions to ensure a system-wide response, coordination with Department of Labor and the Small Business Administration for potential private market supports, and communication with industry.
HHS has also been in consistent communication with other private sector health care entities – including private payers and clearinghouses – to ensure a systemwide response to increase claims flow and advanced payments wherever appropriate. HHS is in regular contact with state partners and with numerous external stakeholders, including physicians, hospitals, pharmacies, and other health care providers, to understand the nature of the impacts and to assess the effectiveness of the system-wide response. As CMS has received reports of any obstacles with claims processing or enrollment delays, the Agency has followed up with the Medicare Administrative Contractors (MACs) to troubleshoot issues. HHS is working with Members of Congress to facilitate assistance to providers and hospitals struggling with cash flow issues.
HHS, through ASPR and in partnership with Office of the Chief Information Officer (OCIO), conducted a comprehensive initial assessment of impacts on agencies within HHS and continues to monitor for additional impacts. As a result, the Indian Health Service (IHS) and Health Resources and Services Administration (HRSA) are communicating with leaders to address and mitigate effects.
And last, HHS, through the Centers for Medicare & Medicaid Services, took the following policy and administrative actions:
Key Actions:
Receive the latest updates from the Secretary, Blogs, and News Releases
Receive latest updates
For general media inquiries, please contact media@hhs.gov.
Receive the latest updates from the Secretary, Blogs, and News Releases.
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775