Skip to content
Baldwin Bulletin

Change Healthcare, a U.S. Healthcare Company, is Confirmed as a Cyberattack

The Baldwin Group
|
Updated: June 7, 2024
|
1 minute read

On February 21, 2024, UnitedHealth Group disclosed that one of its companies, Change Healthcare, experienced a cyberattack. This was a significant incident because it was the most serious attack of its kind levied against a U.S. healthcare organization, to date. Since then, UnitedHealth Group continues to make progress in mitigating the impacts of the attack upon consumers and care providers, while continuing to expand financial assistance to affected providers.

Employer Action Items

UnitedHealth Group is announcing support for people who may be concerned about their personal data potentially being breached in the attack.  

The company is also providing an update on progress in restoring Change Healthcare’s products and services. See the full update here.

Summary

In response to active exploitation of a cybersecurity vulnerability, the Federal Bureau of Investigation (“FBI”), the Cybersecurity and Infrastructure Security Agency (“CISA”), and the Department of Health and Human Services (“HHS”) have released a joint announcement related to the Change Healthcare cyberattack. The advisory details the attack and provides information for medical practices and information technology staff to help strengthen organizational cybersecurity.

Attackers gained access to Change Healthcare’s information technology last month, disrupting healthcare, billing operations and care-authorization systems across the country. The attack was a direct threat to critically needed patient care and essential operations of the health care industry.

Change Healthcare reestablished connections to claims network and software on March 18.

HHS’s Office of Civil Rights (“OCR”) is investigating the attack and is reviewing concrete actions to mitigate harms to patients and providers caused by the cyberattack on Change Healthcare.

OCR posted a new webpage to share answers to frequently asked questions (“FAQs”) concerning HIPAA and the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealth Group (“UHG”), and many other health care entities.

For More Information

  • The Centers for Medicare and Medicaid Services (“CMS”) announced a new opportunity for physicians impacted by the cyberattack and resulting disruptions with Change Healthcare to request Medicare payments to help with cash flow disruptions. The details of the program, terms and the steps needed to apply can be found in this LINK.

Related Insights

Stay in the know

Our experts monitor your industry and global events to provide meaningful insights and help break down what you need to know, potential impacts, and how you should respond.

Baldwin Bulletin
Upcoming Compliance Deadlines August 2025
Employers must comply with numerous reporting and disclosure requirements in connection with their group health plans. Please note the following upcoming...
Baldwin Bulletin
The ACA In Mergers in Acquisitions – Part I
August 2025Jason Sheffield, National Director of Compliance Identifying and Mitigating ACA-related Liabilities Arising in Connection with Corporate Transactional Activities Introduction...
Baldwin Bulletin
IRS Announces 2026 Affordable Care Act Pay-or-Play Penalties 
August 2025  Stephanie Hall, Associate Director, Benefits Compliance  On July 22, 2025, the Internal Revenue Service (“IRS”) announced the updated...
Baldwin Bulletin
Navigating “Mini-COBRA” or “COBRA-like” (state continuation of coverage) Requirements: A New Era for ERISA Compliance 
August 2025  Deanna Sizemore, Associate Director, Benefits Compliance  For employer plan sponsors, understanding and complying with various benefit laws is...
Baldwin Bulletin
Navigating Medicare Part D: 2026 Creditable Coverage Changes & Disclosure Essentials for Employers 
August 2025Deanna Sizemore, Associate Director, Benefits Compliance Summary  As we look forward to 2026, employer-sponsored health plans face new considerations...
Let's make it possible

Partner with us to build solutions that align with your business, individual, or employee needs and open new possibilities for your future.

Connect with us