HHS, payers meet to address Change Healthcare cyberattack response
HHS called on payers to improve support for small, rural, safety-net providers but acknowledged progress on Change Healthcare cyberattack response.
Source: Getty Images
- Officials from the Department of Health and Human Services (HHS) met with 15 health insurance companies, including major payers and organizations like UnitedHealth Group, Elevance Health, and AHIP, to discuss payers’ Change Healthcare cyberattack response, HHS reported.
During the meeting, HHs reviewed the results of a payer survey exploring payers’ responses to the attack. Based on the findings, HHS leaders, including Secretary Xavier Becerra, White House Deputy National Security Advisor (DNSA) for Cyber and Emerging Technologies Anne Neuberger, and White House Domestic Policy Advisor Neera Tanden, made four key points.
First, they underscored the need for the government and private payers to collaborate in order to improve the recovery process. Second, they highlighted the need for more attention on isolated and smaller organizations, like rural hospitals and safety-net healthcare providers.
Third, payers should be proactive in offering support to providers, the officials emphasized. Specifically, HHS called on UHG—who owns Change Healthcare—to give providers the appropriate resources.
Fourth, HHS officials stressed how this event highlights the vulnerabilities of an interdependent healthcare system. They pointed payers to HHS’s Cybersecurity Performance Goals (CPG) to mitigate risks and advised UnitedHealth Group to be transparent about their claims system’s security and the timeframe for third-party certifications.
Overall, HHS noted that payers have made progress in providing necessary support and efforts to restore claims processing. There were no projections published regarding the expected timeline for recovery.
This was the second readout from HHS in two weeks. The previous readout included a longer list of stakeholder participants encompassing a broader range of healthcare sectors. After hearing from providers about their experiences of the fallout, payers committed to taking more action to push out advanced payments, reduce bureaucratic barriers, and address provider cash flow needs.
Change Healthcare reported a cyberattack on February 22, 2024. The bad actor was BlackCat/ALPHV. The fallout has impacted pharmacies across the nation and military pharmacies around the world. UHG reported that its electronic payment functionality would be available for connection by March 15, 2024, and it planned to test claim connectivity on March 18, 2024.
For more information about the progress of the Change Healthcare cyberattack incident and recovery, visit healthitsecurity.com.
