The Change Healthcare Cyber Attack: What’s Going On?

April 18, 2024

The Change Healthcare Cyber Attack: What’s Going On?

The recent cyber attack on Change Healthcare has sent ripples throughout the industry, raising concerns about the security of sensitive patient data and the resilience of healthcare IT infrastructure. 

Today, we’ll shed light on the ongoing situation, the efforts to mitigate the impact, and how this event is reshaping the landscape of healthcare cybersecurity.

Key Points:

  • Change Healthcare experienced a large-scale cyber attack on February 21, 2024
  • Since the Change Healthcare cyber attack, hospitals and physician-owned/private practices have been seeing their cash flow majorly disrupted
  • Allegedly, the stolen data includes personal information, payment claims, and medical and dental records
  • A ransomware group called ALPHV, AKA BlackCat, claims responsibility for the cyber attack

What Is Happening with the Change Healthcare Cyber Attack?

Change Healthcare, a major player in healthcare technology and services, recently fell victim to a sophisticated cyber attack. 

This breach compromised the integrity of their systems, affecting millions of patient records and disrupting healthcare services (like yourself) nationwide. 

The ransomware group exploited vulnerabilities in Change Healthcare’s cybersecurity defenses, giving them unauthorized access to terabytes of sensitive data…

And since Change operates the largest clearinghouse for medical claims in the USA, this is basically an apocalyptic catastrophe for any clinics needing to get paid through medical claims.

In fact, Rick Pollack (CEO of the American Hospital Association) stated that this particular cyber attack is:

“the most serious incident of its kind”

Rick Pollack, CEO of the American Hospital Association

What is Being Done to Fix the Cyber Attack?

Change Healthcare was forced to disconnect more than 100 systems on February 21, 2024 in response to the attack.

Cybersecurity experts since are acting to contain the breach and prevent further unauthorized access, along with aiming to:

  • Identify the scope of the attack
  • Patch further vulnerabilities 
  • Restore affected services 

Change Healthcare is also collaborating with law enforcement agencies and cybersecurity organizations to track down the perpetrators and strengthen their defences against future attacks.

How has Change Healthcare Responded?

Change Healthcare is providing support services to those potentially impacted, including:

  • Medical providers are receiving access to an emergency funding program. This involves both interest and interest-free loans, with UnitedHealth claiming they’re issuing about $3.3 billion.
  • Restoring affected services while keeping stakeholders informed throughout the recovery process.

Change Healthcare has since re-activated the following services:

  • Pharmacy services: largely back on since March 7
  • Electronic funds transfer platform: as of March 15
  • Assurance platform: the claims preparations part was relaunched on March 18
  • Relay Exchange: Change’s largest clearinghouse, came back online the weekend of March 23

As of March 22, Change stated that $14 billion in claims have been staged since their Assurance platform relaunch, and those claims are now ready for transmission. 

Now, Change is working hard to ensure that their clearinghouses and payers have the capacity available to deal with the spike in claims that’ll come in. After that, Assurance’s reimbursement management platform will be turned on. 

How Much Money is the Change Healthcare Cyber Attack Costing the Healthcare Industry?

The financial implications of the Change Healthcare cyber attack are very big…

Costs are potentially running into the hundreds of millions of dollars. 

For one costly example, it’s strongly suggested that Change has already paid a ransom of $22 million to the attackers on March 4. 

Other costs include:

  • Breach response
  • Legal fees
  • Potential fines for regulatory non-compliance

For healthcare providers, especially those in plastic surgery and dermatology, the attack underscores the critical need for investing in advanced cybersecurity solutions, and partnering with firms like The Auctus Group that prioritize data protection, operational continuity, and premier medical billing outsourcing services.

How We Are Protecting Our Clients

In response to the Change Healthcare hack, we here at The Auctus Group took proactive steps to address and mitigate the impact on our services and to safeguard our clients’ operations. 

Here’s a detailed look at how we are managing the situation based on your questions:

Financial Integrity & Reconciliation

Did the hack mean I lost money?

No. In fact, it might have led to some funds being deposited into your account without the corresponding Electronic Remittance Advice (ERA/EOB). We are actively working to ensure these payments are correctly posted in your system, despite the missing data from the clearinghouse. This might have temporarily inflated your Accounts Receivable (AR) figures, showing higher balances in the 0-30 and 30-60 day categories while your payments look lower depending on your clearinghouse.

Claim Management & Resubmission

What did we do with the claims that didn’t go out?

We have been diligent in managing the claims affected by the hack. Claims that could not be processed electronically were sent out on paper where necessary. We’ve also made sure to follow up on all submissions, ensuring they were received and processed. In addition, we’ve recently intensified our efforts to clear any backlog, leveraging electronic systems as soon as they were back online.

Proactive Communication & Support

So, I’ll get paid for all claims?

Yes, as much as usual. Given the circumstances surrounding the hack, especially with UnitedHealth Group’s role, there is a strong possibility that timely filing limits will be relaxed. We have taken all necessary steps to protect your revenue and believe that any potential gaps due to the hack will be addressed with understanding from payers.

Continuous Monitoring & Client Support

I still have questions, what should I do?

We encourage you to contact your Revenue Cycle Manager (RCM), ensure they’re using revenue cycle management best practices, or reach out to us directly. We are well-equipped to address any specific concerns or provide further clarification on how we are managing the situation.


Did Change Healthcare pay a ransom?

It has been reported that Change Healthcare was alleged to have paid a $22 million ransom to the ALPHV ransomware group, although the company has not officially confirmed this.

What happened to Change Healthcare?

Change Healthcare was targeted by a ransomware attack, leading to significant disruptions in their services, which affected billing, prescription processing, and other operations.

Who was affected by the Change Healthcare hack?

The hack impacted various stakeholders including hospitals, pharmacies, and healthcare providers who rely on Change Healthcare for processing medical claims and payments.

What is guaranteed to happen once a ransom has been paid?

Paying a ransom does not guarantee that the data will be safely returned or that the attackers won’t demand more money. It is well-documented that attackers may retain copies of stolen data.

When did Change Healthcare get hacked?

The most recent major hack occurred on February 21, 2024.

Is Change Healthcare owned by UnitedHealthcare?

Yes, Change Healthcare is a part of UnitedHealth Group, which also owns UnitedHealthcare.

How many clients does Change Healthcare have?

Change Healthcare services thousands of clients including hospitals, health clinics, and individual healthcare providers across the United States.

Is Change Healthcare fixed?

Change Healthcare has been working on remedying the impact of the hack and restoring services, although complete recovery details might vary by service and region.

Share: Share this article on LinkedIn Share this article via email