1. Home
  2. Practice Help
  3. Health Information Technology

Change Healthcare Cyberattack

  • Change Healthcare experienced a cyberattack on Feb. 21 that disrupted payment and revenue cycle management operations.

    Physicians using Change Healthcare – a health care technology company that is part of Optum and owned by UnitedHealth Group – are likely to experience claims and payment disruptions. This is a rapidly evolving situation and physicians should stay tuned for additional updates which will be posted on this page.

  • United, Optum Simplify Funding Assistance Post Cyberattack

    United Healthcare and Optum continue to offer interest-free financial assistance to physicians suffering cash flow problems related to the Change Healthcare cyberattack. TMA has learned that, based on feedback, Optum has simplified the funding terms and made it easier to request larger amounts of money. Practices must show proof of cash flow before the attack and proof of current cash flow, and Optum will make up the difference. Funds are distributed on a weekly basis, so physicians may apply weekly as needed. Use the Temporary Funding Inquiry Form and contact Optum with questions at (877) 702-3253.

  • Novitas Restores Electronic Billing Post Cyberattack

    Change Healthcare and Optum have been working with Novitas Solutions, Texas’ Medicare contractor, to transition physicians and others enrolled for Change Healthcare connections to the Optum clearinghouse for claims and remittances. The transition is complete, Novitas says, and instructs physicians to resume electronic billing as soon as possible “for all JH and JL Medicare claims.” Details can be found in this Novitas announcement. The contractor says “billing electronically will provide an improved cash flow due to our ability to release payment when a finalized claim … reaches the 14-day payment floor for HIPAA-compliant claims.” HIPAA-compliant paper claims “are not paid until a minimum of 29 days after the claim reaches us.”

  • HHS Compilation of Payer Contacts to Assist Physicians

    On March 25th the Department of Health and Human Services (HHS) distributed these resources to assist physicians, pharmacists, and hospitals, with the aftermath of the Change Healthcare cybersecurity attacks. Physicians can use the information compiled by HHS to contact insurers for information about the Change Healthcare cyberattack. HHS’ cover letter points out that the resource document contains a national contact person for each plan, though HHS urges physicians, pharmacists, and hospitals, to reach out first to their health insurer’s regional contact. If these contacts do not respond to inquiries, please contact HHScyber@hhs.gov.

  • Suggested Steps to Protect Your Networks

    Cybersecurity experts and the HHS Administration for Strategic Preparedness and Response (ASPR) suggest taking these steps to protect your networks:

    • With consideration of the written attestation from UHG that the Optum network is safe, organizations should evaluate their risk of using Optum, UnitedHealthcare and UHG systems.
    • While UHG asserts that any system that is currently live and available is safe to use, organizations should evaluate their risks and make determinations if connections to Change Healthcare are appropriate at this time.


    As part of your risk evaluation, healthcare organizations should consider the impacts of severing connectivity to Optum, which includes but is not limited to loss of prior procedure authorizations, electronic prescribing and other patient care functions. Ultimately, your organization should make its own determination on whether or not to block Optum specifically while considering all the risks and consequences of doing so. Change Healthcare is posting updates on the status of the cyberattack.

    Read More

  • Helpful Links

  •  

    TMA is helping to strengthen your practice by offering advice and creating a climate of medical success across the state. 

    Explore TMA Member Benefits

  • What could a TMA membership mean for you, your practice, and your patients?

    Join TMA Now

  • Temporary Funding

  • CMS Announcement

    Accelerated Assistance for Practices Impacted by Cyberattack

    • On Saturday, March 9, the Centers for Medicare & Medicaid Services (CMS) announced an additional avenue of assistance for physicians and practices impacted by the Change Healthcare cyberattack. Practices may now request advanced Medicare payments to sustain practice operations during this disruption. Details on this program can be found in this CMS fact sheet and this statement.

  • CMS Announcement

    2023 MIPS Extreme and Uncontrollable Circumstances Application Reopened in Response to Change Healthcare Cyberattack

    CMS extended 2023 MIPS data submission period until 7 pm CT on April 15, 2024

    How Do I Apply?

    • Sign in to the QPP website.
    • Select ‘Exceptions Applications’ on the left-hand navigation.
    • Select ‘Add New Exception’.
    • Select ‘Extreme and Uncontrollable Circumstances Exception’.
    • Complete the application.
      You MUST select “Ransom/Malware” as the Event Type and include “Change Healthcare cyberattack” in the Event Description.
    • Reminder: Any applications submitted for reasons outside of the Change Healthcare cyberattack will be denied.