White House Meets with Healthcare Community to Discuss Change Healthcare Ransomware Attack Mitigations
On March 12, White House officials met with UnitedHealth Group, leaders at the Department of Health and Human Services, and industry groups to discuss the cyberattack at UHG-owned Change Healthcare, the disruption to healthcare services over the past 3 weeks, and mitigations to help patients and providers.
The Change Healthcare cyberattack was detected on February 21 – the timeline of events can be viewed here – and caused an outage that lasted for three weeks. The Blackcat ransomware group claimed responsibility for the attack. The attack caused massive disruption with providers unable to verify coverage, submit prior authorization requests, exchange clinical records, and be reimbursed for services.
UHG set up a financial assistance program to help providers who receive payments processed by Change Healthcare, who could apply for temporary funding through Optum Financial Services, and the Centers for Medicare and Medicaid Services (CMS) introduced flexibilities to help ease the financial strain on providers, including applications for advanced payment. Last week, 2 weeks after the attack, UHG was finally able to provide a timeline for bringing systems back online and this week confirmed that 99% of pharmacy and payment systems are now online.
The meeting was led by HHS Secretary Xavier Becerra and Deputy Secretary Andrea Palm, who were joined by White House Domestic Policy Advisor Neera Tanden, White House Deputy National Security Advisor (DNSA) for Cyber and Emerging Technologies Anne Neuberger, and others from the federal government. At the meeting, concrete actions were discussed to mitigate the harm caused to patients and providers.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Secretary Becerra and Domestic Policy Advisor Tanden stressed that the government and public sector must work together to help providers, many of whom are struggling to make payroll and deliver timely care to patients. They also stressed that insurers needed to help providers who are facing financial difficulties. During the meeting, industry groups discussed the problems faced by providers, the gaps in the response from payers, and how providers desperately need more immediate payment options, direct communications, and relaxed billing and claims processing requirements.
Payers were asked to provide assistance and committed to continued coordination. They also explained that they are working on further steps to reduce red tape, provide accessible funding opportunities through advanced payments, and other measures to address the cash flow issues that providers are experiencing. White House officials said they would be following up on the commitments made by payers at the meeting.
The interconnectedness of healthcare means a cyberattack on one entity can have far-reaching consequences, and with Change Healthcare processing 15 billion transactions annually and its systems touching the data of 1 in 3 patients in America, the fallout from the cyberattack has been immense. At the meeting, DNSA Neuberger stressed the urgent need to strengthen cybersecurity resilience across the sector, and the importance of all organizations implementing the HHS’s voluntary HPH Cybersecurity Performance Goals. A readout of the meeting is available on the HHS website.
