Baldwin Bulletin

Change Healthcare, a U.S. Healthcare Company, Is Confirmed as a Cyberattack Victim

The Baldwin Group
Updated: June 7, 2024

On February 21, 2024, UnitedHealth Group disclosed that one of its companies, Change Healthcare, experienced a cyberattack. This was a significant incident because it was the most serious attack of its kind leveled against a U.S. healthcare organization to date. Since then, UnitedHealth Group has continued to make progress in mitigating the impacts of the attack on consumers and care providers, while continuing to expand financial assistance to affected providers.

Employer Action Items

UnitedHealth Group is announcing support for people who may be concerned about their personal data potentially being breached in the attack.  

The company is also providing an update on progress in restoring Change Healthcare’s products and services. See the full update here.


In response to active exploitation of a cybersecurity vulnerability, the Federal Bureau of Investigation (“FBI”), the Cybersecurity and Infrastructure Security Agency (“CISA”), and the Department of Health and Human Services (“HHS”) have released a joint announcement related to the Change Healthcare cyberattack. The advisory details the attack and provides information for medical practices and information technology staff to help strengthen organizational cybersecurity.

Attackers gained access to Change Healthcare’s information technology last month, disrupting healthcare, billing operations and care-authorization systems across the country. The attack was a direct threat to critically needed patient care and essential operations of the health care industry.

Change Healthcare reestablished connections to its claims network and software on March 18.

HHS’s Office of Civil Rights (“OCR”) is investigating the attack and is reviewing concrete actions to mitigate harms to patients and providers caused by the cyberattack on Change Healthcare.

OCR posted a new webpage to share answers to frequently asked questions (“FAQs”) concerning HIPAA and the cybersecurity incident impacting Change Healthcare, a unit of UnitedHealth Group (“UHG”), and many other health care entities.

For More Information

  • The Centers for Medicare and Medicaid Services (“CMS”) announced a new opportunity for physicians impacted by the cyberattack and resulting disruptions with Change Healthcare to request Medicare payments to help with cash flow disruptions. The details of the program, terms and the steps needed to apply can be found in this LINK.
