Uncle Sam ends financial support to orgs hurt by Change Healthcare attack

Billions of dollars made available but worst appears to be over


The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.

First launched in March, the Centers for Medicare & Medicaid Services (CMS) said the funding program will end on July 12 after supporting healthcare providers through intense cashflow issues.

The Department of Health and Human Services (HHS) intervened after pharmacies, hospitals, and other service delivery organizations were struggling to submit claims and receive payments from the Medicare and Medicaid programs.

With Change Healthcare providing software for insurance claims and prescription orders to more than 70,000 of these organizations, many of them found their financial situations becoming severe within a week of the attack that forced Change's systems offline.

The US government's support was multifaceted, introducing more relaxed rules around which clearing houses Medicare providers could use, for example. Medicare Advantage organizations, ones that weren't as adversely affected by the attack, were also encouraged to offer advanced funding to struggling providers.

Medicaid and Children's Health Insurance Program managed-care plans were "strongly" encouraged to offer advanced funding too, alongside a relaxation or complete removal of prior authorization requirements.

Medicare Administrative Contractors (MAC) were also forced to accept paper claims while electronic billing systems remained offline during Change's recovery.

"In the face of one of the most widespread cyberattacks on the US healthcare industry, CMS promptly took action to get providers and suppliers access to the funds they needed to continue providing patients with vital care," said Chiquita Brooks-LaSure, administrator at CMS.

"Our efforts helped minimize the disruptive fallout from this incident, and we will remain vigilant to be ready to address future events."

Nearly 9,000 accelerated payments were made to Medicare providers since the government stepped in, totaling more than $3.2 billion. These were somewhat equally split in number for Part A and Part B providers – 4,200 and 4,722 payments respectively, although the Part A payments were worth significantly more – $2.55 billion vs $717.18 million.

The vast majority of these payments (96 percent) have been recovered now that providers can once again bill Medicare as normal.

For those still facing issues beyond the July 12 cutoff, there isn't much in the way of guidance. All we know is that they'll have to get in touch with Change Healthcare and/or their MAC directly and go from there.

"CMS will continue to monitor for other effects of the cyberattack on Medicare providers of services and suppliers and will continue to engage industry partners to address any remaining issues or concerns," the federal agency said in a Monday statement.

"CMS encourages all providers of services and suppliers, technology vendors, and other members of the healthcare ecosystem to double down on cybersecurity, with urgency."

We're only halfway into the year and the ransomware attack at Change Healthcare is a strong contender to be one of the most disruptive and costly of 2024.

As of April, following the release of Change Healthcare's financials from parent company UnitedHealth, the costs associated with the attack were rising close to $1 billion, eclipsing the massive $100 million it cost MGM Resorts to recover from its incident last year. That's including the $22 million ransom payment CEO Andrew Witty confirmed was made to ALPHV/BlackCat after weeks of speculation.

Many of the company's core systems have now fully returned online, but restoration efforts were still ongoing as of last month as some older systems were brought back to action. ®
