Use code Fit15 to save 15% at the APTA Store during National Fitness Month.
By using this site, you are consenting to our use of cookies. To find out more visit our privacy policy.
The Feb. 21 hack of the data interchange company caused disruptions for providers and patients. Here’s an information roundup.
[Last updated: May 8]
May 1: UnitedHealth Says Up to One-Third of Americans May Be Affected by Change Cyberattack
From CNN: “A third of Americans may have had their personal data swept up in a February ransomware attack on a UnitedHealth Group subsidiary that disrupted pharmacies across the US, UnitedHealth CEO Andrew Witty estimated in testimony to Congress on Wednesday. It will likely take ‘several months’ before UnitedHealth is able to identify and notify Americans impacted by the hack because the company is still combing through the stolen data, Witty said in written testimony.”
May 3: Recap of Change Cyberattack Senate Committee Hearing
From MedCity News: ” The chief executive officer of UnitedHealth Group appeared in front of two Congressional Committees on Wednesday, forced to answer uncomfortable questions on how his company handled what is being described as the worst malicious ransomware attack in the history of the healthcare industry … Here are the key moments and takeaways from the 2-hour-plus hearing in the Senate Committee on Finance.”
April 23: Novitas Tells Providers to Stop Submitting Paper Forms
Medicare administrative contractor Novitas Solutions, which operates in the District of Columbia, Delaware, Maryland, New Jersey, and Pennsylvania, has advised providers to return to electronic submissions of Medicare claims forms “now that Change Healthcare and Optum have restored their customers’ ability to electronically bill Medicare.” Tip: Other MACs may implement similar changes, so it’s a good idea to check in regularly for announcements. Find a directory and map of MACs here.
Ongoing: Regularly Updated Information on Cyberattack Response
UnitedHealth Group describes the webpage as “a main source for the latest business and information updates, UnitedHealthcare, Optum and Change Healthcare stakeholders” with links to other resources. The page includes information on temporary funding, a list of frequently asked questions, news updates, and more.
March 15: CMS Statement on Medicaid Enforcement Flexibilities (and Link to Informational Bulletin)
CMS issued a statement on March 15 outlining flexibilities in some of its Medicaid rules in response to the Change cyberattack. The resource includes a link to a detailed 13-page informational bulletin.
March 13: Accelerated/Advanced Payment Program Frequently Asked Questions
What is the CHOPD program? How long will payments be available? How long will it take to get the money? CMS answers these and more questions about its accelerated and advanced payment program.
March 9: CMS Extends MIPS Deadline, Reopens Exceptions Process in Response to Change Attack
The U.S. Centers for Medicare & Medicaid Services announced that it is extending the deadline for 2023 data submissions under the Merit-based Incentive Payment System, or MIPS, until April 15 at 8 p.m. ET. In addition, the agency has reopened the MIPS Extreme and Uncontrollable Circumstances, or EUC, exception application window until the same date and time. Only exception applications that cite the Change cyberattack as the reason for the request will be accepted. More information on the extension and exceptions processes is available from the CMS Quality Payment Program.
March 25: HHS Shares Individual Payers’ Assistance Information
The U.S. Department of Health and Human Services has compiled a toolkit that breaks down 10 commercial payers’ assistance programs and resources available to providers impacted by the Change cyberattack. Programs from United Health Group, AmeriHealth Caritas, Blue Cross Blue Shield, Centene, Cigna, CVS Health, Elevance, Humana, Kaiser Permanente, and Molina are detailed in the document, which also includes contact information for those payers and more.
March 19: Readout of March 18 White House Meeting With Insurers
HHS issued a summary of a meeting between HHS Secretary Xavier Becerra, White House officials, and payers “to discuss actions to mitigate harms to patients and providers.” The readout also includes a history of HHS actions on the Change cyberattack up to the meeting date.
March 13: HHS Office of Civil Rights Opens Investigation
The HHS Office of Civil Rights, which oversees enforcement of HIPAA privacy and security rules, has announced an investigation focusing on “whether a breach of protected health information occurred and Change Healthcare and UHG’s compliance with the HIPAA rules.”
March 10: Letter to Health Care Leaders
On March 10, HHS Secretary Becerra issued a letter that includes recommendations for payers, with specific calls to action for UnitedHealth Group.
April 23: UnitedHealth Admits It Paid Ransom in Cyberattack
From IT Pro: “UnitedHealth Group has admitted it paid a ransom to threat actors who exfiltrated patient data in a breach affecting its subsidiary Change Healthcare. Researchers monitoring crypto wallets of the ALPHV group, believed to be responsible for the initial attack, suggested UnitedHealth had paid a $22 million dollar ransom in Bitcoin in early April.”
April 23: UnitedHealth Says “Substantial Portion” of Americans’ Health Information Exposed in Cyberattack; Acknowledges Second Extortion Attempt
From cybernews: “Health insurance behemoth UnitedHealth Group has confirmed that cyberattackers compromised a massive trove of sensitive data from its tech branch Change Healthcare, which could cover a ‘substantial proportion of people in America.’ Meanwhile, a second ransomware group that was demanding payments has delisted the company from its victim’s page.”
March 20: Infographic: Timeline of the Change Cyberattack
From healthleaders: A graphic chronology of major Change hack-related events from Feb. 21 to March 18.
March 18: Change Hack Raises Questions About the Data Security of the Health Care System
From Politico: “Eight officials with the government or U.S. hospitals interviewed by POLITICO say the hack underscores major vulnerabilities in the country’s health care system — raising critical questions about whether federal agencies and Congress need to do more to prevent another, potentially more serious, attack in the future.”
March 12: White House Urges Payers to Move on Emergency Funds
From CNN: “Senior Biden administration officials on Tuesday pressed the CEO of health care giant UnitedHealth Group and other health care firms to do more to get vital payments flowing to health care providers three weeks after a cyberattack crippled those payment systems.”
Date: March 22, 2024
Contact: news@apta.org
Content Type: Roundup
Coding & Billing, Commercial Insurance
News
Apr 17, 2024
Free to members, APTA’s webinar series delivers crucial information in an easy-to-understand format. Register now for upcoming sessions.
News
Apr 2, 2024
After helping create the CPT codes and advocate for their adoption, APTA launched an education campaign featuring a practice advisory.
News
Mar 29, 2024
A new FAQ resource from CMS confirms that information in an APTA Practice Advisory is correct.
For Advertisers, Exhibitors, and Sponsors | For Media
About APTA | Work at APTA
Privacy Policy | Disclaimer
All contents © 2024 American Physical Therapy Association. All rights reserved.
Use of this and other APTA websites constitutes acceptance of our Terms & Conditions.
For Advertisers, Exhibitors, and Sponsors | For Media
About APTA | Work at APTA
Privacy Policy | Disclaimer
All contents © 2024 American Physical Therapy Association. All rights reserved.
Use of this and other APTA websites constitutes acceptance of our Terms & Conditions.
