Uncle Sam ends financial support to orgs hurt by Change Healthcare attack

Billions of dollars made available but worst appears to be over


The US government is winding down its financial support for healthcare providers originally introduced following the ransomware attack at Change Healthcare in February.

First launched in March, the Centers for Medicare & Medicaid Services (CMS) said the funding program will end on July 12 after supporting healthcare providers through intense cashflow issues.

The Department of Health and Human Services (HHS) intervened after pharmacies, hospitals, and other service delivery organizations were struggling to submit claims and receive payments from the Medicare and Medicaid programs.

Change Healthcare provides software for insurance claims and prescription orders to more than 70,000 of these organizations, and for many of them the financial situation became severe within a week of the attack that forced Change's systems offline.

The US government's support was multifaceted, introducing more relaxed rules around which clearing houses Medicare providers could use, for example. Medicare Advantage organizations, ones that weren't as adversely affected by the attack, were also encouraged to offer advanced funding to struggling providers.

Medicaid and Children's Health Insurance Program managed-care plans were "strongly" encouraged to offer advanced funding too, alongside a relaxation or complete removal of prior authorization requirements.

Medicare Administrative Contractors (MAC) were also forced to accept paper claims while electronic billing systems remained offline during Change's recovery.

"In the face of one of the most widespread cyberattacks on the US healthcare industry, CMS promptly took action to get providers and suppliers access to the funds they needed to continue providing patients with vital care," said Chiquita Brooks-LaSure, administrator at CMS.

"Our efforts helped minimize the disruptive fallout from this incident, and we will remain vigilant to be ready to address future events."

Nearly 9,000 accelerated payments were made to Medicare providers since the government stepped in, totaling more than $3.2 billion. These were somewhat equally split in number for Part A and Part B providers – 4,200 and 4,722 payments respectively, although the Part A payments were worth significantly more – $2.55 billion vs $717.18 million.

The vast majority of these payments (96 percent) have been recovered now that providers can once again bill Medicare as normal.

For those still facing issues beyond the July 12 cutoff, there isn't much in the way of guidance. All we know is that they'll have to get in touch with Change Healthcare and/or their MAC directly and go from there.

"CMS will continue to monitor for other effects of the cyberattack on Medicare providers of services and suppliers and will continue to engage industry partners to address any remaining issues or concerns," the federal agency said in a Monday statement.

"CMS encourages all providers of services and suppliers, technology vendors, and other members of the healthcare ecosystem to double down on cybersecurity, with urgency."

We're only halfway into the year and the ransomware attack at Change Healthcare is a strong contender to be one of the most disruptive and costly of 2024.

As of April, following the release of Change Healthcare's financials from parent company UnitedHealth, the costs associated with the attack were rising close to $1 billion, eclipsing the massive $100 million it cost MGM Resorts to recover from its incident last year. That's including the $22 million ransom payment CEO Andrew Witty confirmed was made to ALPHV/BlackCat after weeks of speculation.

Many of the company's core systems have now fully returned online, but restoration efforts were still ongoing as of last month as some older systems were brought back to action. ®
