On February 21, 2024, UnitedHealth Group disclosed that one of its companies, Change Healthcare, experienced a cyberattack. This was a significant incident because it was the most serious attack of its kind levied against a U.S. healthcare organization, to date. Since then, UnitedHealth Group continues to make progress in mitigating the impacts of the attack upon consumers and care providers, while continuing to expand financial assistance to affected providers.
Employer Action Items
UnitedHealth Group is announcing support for people who may be concerned about their personal data potentially being breached in the attack.
The company is also providing an update on progress in restoring Change Healthcare’s products and services. See the full update here.
Summary
In response to active exploitation of a cybersecurity vulnerability, the Federal Bureau of Investigation (“FBI”), the Cybersecurity and Infrastructure Security Agency (“CISA”), and the Department of Health and Human Services (“HHS”) have released a joint announcement related to the Change Healthcare cyberattack. The advisory details the attack and provides information for medical practices and information technology staff to help strengthen organizational cybersecurity.
Attackers gained access to Change Healthcare’s information technology last month, disrupting healthcare, billing operations and care-authorization systems across the country. The attack was a direct threat to critically needed patient care and essential operations of the health care industry.
Change Healthcare reestablished connections to claims network and software on March 18.
HHS’s Office of Civil Rights (“OCR”) is investigating the attack and is reviewing concrete actions to mitigate harms to patients and providers caused by the cyberattack on Change Healthcare.
OCR posted a new webpage to share answers to frequently asked questions (“FAQs”) concerning HIPAA and the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealth Group (“UHG”), and many other health care entities.
For More Information
- The Centers for Medicare and Medicaid Services (“CMS”) announced a new opportunity for physicians impacted by the cyberattack and resulting disruptions with Change Healthcare to request Medicare payments to help with cash flow disruptions. The details of the program, terms and the steps needed to apply can be found in this LINK.
For more information
We’re ready when you are. Get in touch and a friendly, knowledgeable Baldwin advisor is prepared to discuss your business or individual needs, ask a few questions to get the full picture, and make a plan to follow up.
This document is intended for general information purposes only and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. The Baldwin Insurance Group Holdings, LLC (“The Baldwin Group”), its affiliates, and subsidiaries do not guarantee that this information is, or can be relied on for, compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. The Baldwin Group does not guarantee any particular outcome and makes no commitment to update any information herein or remove any items that are no longer accurate or complete. Furthermore, The Baldwin Group does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content. Persons requiring advice should always consult an independent adviser.
The Baldwin Group offers insurance services through one or more of its insurance licensed entities. Each of the entities may be known by one or more of the logos displayed; all insurance commerce is only conducted through The Baldwin Group insurance licensed entities. This material is not an offer to sell insurance.
