Skip to content

Find resources to help with recovery if you’ve been impacted by Hurricanes Milton and Helene. Learn More

Baldwin Bulletin

Change Healthcare, a U.S. Healthcare Company, is Confirmed as a Cyberattack

The Baldwin Group
|
Updated: June 7, 2024
|
1 minute read

On February 21, 2024, UnitedHealth Group disclosed that one of its companies, Change Healthcare, experienced a cyberattack. This was a significant incident because it was the most serious attack of its kind levied against a U.S. healthcare organization, to date. Since then, UnitedHealth Group continues to make progress in mitigating the impacts of the attack upon consumers and care providers, while continuing to expand financial assistance to affected providers.

Employer Action Items

UnitedHealth Group is announcing support for people who may be concerned about their personal data potentially being breached in the attack.  

The company is also providing an update on progress in restoring Change Healthcare’s products and services. See the full update here.

Summary

In response to active exploitation of a cybersecurity vulnerability, the Federal Bureau of Investigation (“FBI”), the Cybersecurity and Infrastructure Security Agency (“CISA”), and the Department of Health and Human Services (“HHS”) have released a joint announcement related to the Change Healthcare cyberattack. The advisory details the attack and provides information for medical practices and information technology staff to help strengthen organizational cybersecurity.

Attackers gained access to Change Healthcare’s information technology last month, disrupting healthcare, billing operations and care-authorization systems across the country. The attack was a direct threat to critically needed patient care and essential operations of the health care industry.

Change Healthcare reestablished connections to claims network and software on March 18.

HHS’s Office of Civil Rights (“OCR”) is investigating the attack and is reviewing concrete actions to mitigate harms to patients and providers caused by the cyberattack on Change Healthcare.

OCR posted a new webpage to share answers to frequently asked questions (“FAQs”) concerning HIPAA and the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealth Group (“UHG”), and many other health care entities.

For More Information

  • The Centers for Medicare and Medicaid Services (“CMS”) announced a new opportunity for physicians impacted by the cyberattack and resulting disruptions with Change Healthcare to request Medicare payments to help with cash flow disruptions. The details of the program, terms and the steps needed to apply can be found in this LINK.

Related Insights

Stay in the know

Our experts monitor your industry and global events to provide meaningful insights and help break down what you need to know, potential impacts, and how you should respond.

Compliance Alert
BRCC COMPLIANCE ALERT - December 17, 2024
2025 BRCC Educational Webcast and HIPAA Complete Training Calendars Overview The Baldwin Regulatory Compliance Collective (“BRCC”) is excited to announce...
Baldwin Bulletin
Upcoming Compliance Deadlines - December
Employers must comply with numerous reporting and disclosure requirements in connection with their group health plans.  Please note the following...
Baldwin Bulletin
2024-2025 Affordable Care Act (“ACA”) Reporting Office Hours with BRCC Compliance Experts
The BRCC announces a new series of open office hours with our ACA compliance experts, designed specifically for the 2024-2025...
Baldwin Bulletin
Summary Annual Report (“SAR”) due December 15th for Calendar Year Plans with Form 5558 Extensions
Employers who are required to submit a Form 5500 for their employee benefit plans also have an obligation to distribute...
Baldwin Bulletin
Internal Revenue Service (“IRS”) Releases Draft Publication 15-B (Fringe Benefits)
The IRS issued an early release draft of their annual Publication 15-B. The draft contains tax forms, instructions, and other...
Let's make it possible

Partner with us to build solutions that align with your business, individual, or employee needs and open new possibilities for your future.

Connect with us